Stray processes after a user logout

I tried this on a couple of the machines updated to Mac OS X 10.9.4. I log in as a particular user, let's say user1, and then log out, and log in as another user, let's say user2. After inspecting the system processes, I find a bunch of processes running on behalf of user1 and these don't seem to want to terminate:

/sbin/launchd

/usr/sbin/distnoted agent

/usr/sbin/cfprefsd agent

/usr/libexec/xpcd

/System/Library/PrivateFrameworks/TCC.framework/Resources/tccd

com.apple.IconServicesAgent

com.apple.imdpersistence.IMDPersistenceAgent

/usr/libexec/secd

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychain Proxy.bundle/Contents/MacOS/CloudKeychainProxy

com.apple.NotesMigratorService

com.apple.InputMethodKit.UserDictionary

/System/Library/PrivateFrameworks/CloudServices.framework/Resources/com.apple.sbd

com.apple.DataDetectorsDynamicData

/System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd

com.apple.iCloudHelper


Can anybody help me find decent documentation about these processes and tell me whether I can disable or safely terminate as many of them as possible? I didn't manage to find anything useful in the man pages or by searching with Google. I haven't observed such behavior with OS X 10.7 and older versions.

OS X Mavericks (10.9.4)

Posted on Jul 27, 2014 7:20 PM

Question marked as Top-ranking reply

Posted on Sep 4, 2014 1:05 AM

I gave it a try. I created a script that can be installed as a cron job and I will paste it at the end of the post. You can try to use it at your own risk.


Mini manual: The script will kill all the stray processes for a particular user on a machine once the user has logged out. Additionally, the script will not kill the user's processes if it detects the presence of an optional file specified on the command line (helpful if the user has automated processes). I'd recommend executing it periodically as the root user, in its crontab for example. Executing the script without command line arguments will display its usage.


Installation (ask a technical person if unsure): Copy the script source below and paste it into a script file, say /usr/local/bin/kill_stray_processes, then give it executable rights. From the terminal it would look something like this:

# Create /usr/local/bin in case it doesn't exist
sudo mkdir -p /usr/local/bin
# Use your favourite editor to paste the source of the script, here for example vi
sudo vi /usr/local/bin/kill_stray_processes
# After pasting the source, saving and closing the editor, set executable rights of the script
sudo chmod a+x /usr/local/bin/kill_stray_processes


The cron job to check and kill stray processes for user myuser every hour would look like this:

0 * * * * /usr/local/bin/kill_stray_processes myuser


Suppose an automated process creates temporarily a file /tmp/mylock and you don't want to kill processes at the time it runs. The cron job would look like this:

0 * * * * /usr/local/bin/kill_stray_processes myuser /tmp/mylock


The source of the script starts below (no empty line in the beginning):

#!/bin/bash
# SYNOPSIS:
# This is a command line utility that kills processes belonging
# to a particular user who does not have a login session. Additionally,
# the script can take as command line arguments files which, when present,
# cause it not to proceed with killing the stray processes.
#
# USAGE:
# kill_stray_user_processes <user> [<lock_file>...]
#
COMMAND=$0
COMMAND_PATH=$(dirname "$COMMAND")
pushd . > /dev/null
cd "$COMMAND_PATH"
COMMAND_PATH=$(pwd)
COMMAND_NAME=$(basename "$0")
popd > /dev/null
#
USER="$1"
if [ -z "$USER" ]; then
    echo "USAGE: $COMMAND_NAME <user> [<lock_file>...]"
    exit 0
fi
shift 1
# In case of specified lock files check for their presence and exit if any
while [ -n "$1" ]; do
    if [ -f "$1" ]; then
        exit 0
    fi
    shift 1
done
# Make sure the user has logged out
if w | grep -q -i "^${USER}[[:space:]]"; then
    exit 0
fi
# Kill the stray launchd's and all their subprocesses
for pid in $(ps -jaxwww | grep -i "^${USER}[[:space:]]" | grep "/sbin/launchd" | awk '{print $2}'); do
    kill -- "-${pid}"
done
# Try to kill gracefully everything else
for pid in $(ps -jaxwww | grep -i "^${USER}[[:space:]]" | awk '{print $2}'); do
    kill -- "-${pid}" 2> /dev/null
done
# Kill forcefully everything that is left
for pid in $(ps -jaxwww | grep -i "^${USER}[[:space:]]" | awk '{print $2}'); do
    kill -9 "$pid" 2> /dev/null
done

28 replies

Oct 1, 2014 2:28 PM in response to MyrkridianRhapsody

The documentation from the link I have posted says:

In your script, the variable $1 returns the short name of the user who is logging in.


I'm just hoping the same applies to LogoutHook scripts. Then we only need to know if the command w returns the currently logging out user. In case it does you will need to modify the script by deleting or commenting out the three lines under the following comment:

# Make sure the user has logged out

Oct 2, 2014 7:43 AM in response to Georgy Karageogiev

Thanks for your help so far. So I commented out the three lines, made an executable out of it and created a logout hook for testing. It didn't appear to work; I logged into three separate accounts, and at the third one, I could still see all of the processes owned by the first two users. I tried running the script while being logged in as a user; not sure if it helps, but here is the output I get:


/Library/Scripts/kill_stray_processes: line 21: : command not found

/Library/Scripts/kill_stray_processes: line 22: : command not found

/Library/Scripts/kill_stray_processes: line 27: syntax error near unexpected token `then'

/Library/Scripts/kill_stray_processes: line 27: ` if [ -f "$1" ]; then'

logout


[Process completed]

Oct 2, 2014 8:08 AM in response to MyrkridianRhapsody

Something tells me you have introduced some extra characters when you copy-pasted the script to your system, or you have used some rich text editor. I have the following tips for you:

  • Make sure you don't have any invisible characters other than spaces, tabs and line-feeds in your script. Use a plain text editor that can display the invisible characters and make sure that the lines that start with blank characters contain only spaces or tabs in the beginning and only line-feed character at the end.
  • Test the script manually. The logout hook should effectively work like the following command you can execute from the terminal (put some real user name different from the current user in the place of <some_user>):

sudo /Library/Scripts/kill_stray_processes <some_user>

You can make visible the flow of the script commands for easier debugging. Change the first line as follows (and don't forget to change back when you go on production):

#!/bin/bash -x

Aug 13, 2014 1:32 PM in response to Georgy Karageogiev

Glad to have found this post, I've noticed the same problem.


This is a big problem after updating 2009-2010 Macs to 10.9 in our environment -- after several users log in to a shared machine, it crawls because most or all RAM is allocated to user processes of logged-out accounts. A reboot fixes this, but it's a frustration to the users since the machines never needed reboots under 10.6 or 10.7.


For users who use multiple Macs, some things simply can't run unless a machine is rebooted at logout. Thunderbird, for example, fails to work if a user logs out (having used Tbird) from one Mac and launches the app on another machine, which I confirmed was caused by the leftover processes. This tells me that the stray processes are actually tying up active files in the user's home directory, which confirms a potential security risk.

In case it matters, we use a "hybrid" infrastructure of sorts, where home folders reside in network locations and are aliased by startup scripts, so the Mac "thinks" they are present in /Users but on login the home folder is mounted in their respective filesystem via NFS.


I'm trying to hunt down a way to close all user processes either as a logout hook or as a system daemon.


Any progress on your end?

Oct 1, 2014 8:54 AM in response to Georgy Karageogiev

I would like to resurrect this post... this issue is killing me here at my college where I administrate the Macs. The kiosks/library machines are bound to Active Directory, so users log in and log out with their AD credentials and have new profiles created on a daily basis, sometimes 50 users a day. Since the 10.9 upgrade, these machines have been freezing because old users are stealing valuable RAM, particularly because of the com.apple.IconServicesAgent, which takes 50-200 MB of RAM per user. It took me a while to figure this out. I was testing this:


sudo pkill -9 -fx com.apple.IconServicesAgent


Which seems to kill them all, and I put it as a logout script for my MCX controls, but there are a host of other processes (as noted above by previous posters) that are hanging around, almost like zombies but still using system resources. I never had this problem back in 10.7/10.8, so this seems like an inherent problem with the OS. I can't use the script written by Georgy Karageogiev above because I've got thousands of users on campus visiting the machines. Not sure where to go at this point.
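For shared machines where the user names are not known in advance, as in the post above, the same logged-out check can be driven by numeric UID over the whole process table instead of one named user. This is an added example, not code from the thread; the function names stray_pids and active_uids, the MIN_UID floor of 500 and the sample process table are assumptions, and it only prints candidates rather than sending signals.

```shell
#!/bin/bash
# Added example (not from the thread): select PIDs owned by accounts that
# have no login session, without naming users in advance.
# Assumptions: ordinary accounts have UID >= 500 (MIN_UID); sessions are
# taken from `who`; the process table from `ps -axo uid=,pid=,comm=`.

MIN_UID=${MIN_UID:-500}

# stray_pids PS_TABLE ACTIVE_UIDS
#   PS_TABLE:    lines of "uid pid command"
#   ACTIVE_UIDS: whitespace-separated UIDs that currently have a session
# Prints one "uid pid" pair per stray process.
stray_pids() {
    printf '%s\n' "$1" | awk -v min="$MIN_UID" -v active="$2" '
        BEGIN { n = split(active, a, " ")
                for (i = 1; i <= n; i++) live[a[i]] = 1 }
        # Exact numeric comparison: no regex on user names, so "bob" can
        # never match "bobby", and system accounts (uid < min) are skipped.
        $1 ~ /^[0-9]+$/ && $1 >= min && !($1 in live) { print $1, $2 }'
}

# active_uids: map the names printed by `who` to numeric UIDs.
active_uids() {
    who | awk '{print $1}' | sort -u | while read -r name; do
        id -u "$name" 2>/dev/null
    done | tr '\n' ' '
}

# Constructed sample process table (uid pid command), for a dry run.
SAMPLE_PS='0 1 /sbin/launchd
501 310 /sbin/launchd
501 322 /usr/sbin/cfprefsd
502 845 /sbin/launchd
502 861 com.apple.IconServicesAgent
89 77 /usr/sbin/distnoted'

# Dry run on the sample: uid 502 is logged in, uid 501 is not.
stray_pids "$SAMPLE_PS" "502"

# Live use (as root), printing only; review the list before acting on it:
#   stray_pids "$(ps -axo uid=,pid=,comm=)" "$(active_uids)"
```

Matching on numeric UID also avoids treating the user name as a regular expression, which matters for a job that runs as root.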
