While the CGI may be owned by root, it is likely being run by a web server. That web server is hopefully not running as root. It is probably being run under a UID dedicated to the web server. In *NIX systems, if the server is running with permissions of a particular user (e.g. serveruser or root) only that user or root can send a signal to the process.

You don't want a set-uid CGI due to possible security issues so one approach may be to have the cgi execute a set-uid program that kills the server. If there are other users on the machine that shouldn't execute the script, then you may need to use a tool like sudo to control access to your killing program.

HTH, --traveler

BTW, don't kill with signal 9 unless absoulutely necessary as it cannot be caught or ignored (that is, it cannot be processed by the program). Use kill 15, $pid or  kill 'TERM', $pid instead. Also -sig kills a process group in perl, but in the shell you need the - so the program can differentiate the signal number from a process-id (PID).