Sidebar: Without Trusted User Access

It may not be feasible to use trusted user access on your network. Since rlock assumes this, alternatives may be useful. One simple solution is to create a process-id-checking user. This special user (e.g., lockcheck) could have a process-id-checking program instead of a normal shell in /etc/passwd. This would require that everyone have the ability to use the process id checking userid on every host, which means that this user must trust anyone on the network who might perform locks.

If this is still too much for your security policy, then a more sophisticated approach, using process checking servers, could be set up on every machine. A simple socket implementation, for example, could communicate a process id to be checked to a remote machine, receive a status, and return that information to the rlock program.