From owner-freebsd-questions Thu May 2 10:16:41 2002 Delivered-To: freebsd-questions@freebsd.org Received: from boris.st.hmc.edu (boris.ST.HMC.Edu [134.173.63.11]) by hub.freebsd.org (Postfix) with ESMTP id BE04137B432 for ; Thu, 2 May 2002 10:16:22 -0700 (PDT) Received: from localhost (jeff@localhost) by boris.st.hmc.edu (8.11.6/8.11.6) with ESMTP id g42HGBL21473; Thu, 2 May 2002 10:16:12 -0700 (PDT) (envelope-from jeff@boris.st.hmc.edu) Date: Thu, 2 May 2002 10:16:11 -0700 (PDT) From: Jeff To: "Brian T.Schellenberger" Cc: default , FreeBSD-Questions Subject: Re: Restricting PS Use In-Reply-To: <20020502171102.EC819BB29@i8k.babbleon.org> Message-ID: <20020502101331.O20800-100000@boris.st.hmc.edu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 2 May 2002, Brian T.Schellenberger wrote: > On Thursday 02 May 2002 12:58 pm, default wrote: > | Hello, > | > | I have been trying to get this working for a long time to no avail, but... > | > | Basically I need to restrict the PS command so that normal users are only > | able to see their own processes... > | > | I would appreciate any suggestion on how to do this... > | > > - create a "ps" userid > - restrict ps so that only "PS" can execute it (root will be able to anyay). > - create a new ps command, probably just as a perl script, in /usr/local/bin > - make the perl script suid to the new "ps" id. > - Have the perl script execute ps and filter out the records you don't want. > > You can now restrict ps in any way you desire. > > Or, check sysctl kern.ps_showallprocs (more specifically, set it to zero) ... man 1 ps would have told you the same thing. - Jeff ============== Jeff Jirsa HMC Unix Admin jjirsa@hmc.edu ============== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message