From owner-freebsd-questions@FreeBSD.ORG Thu Jan 6 20:04:14 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE7A916A4CE for ; Thu, 6 Jan 2005 20:04:14 +0000 (GMT) Received: from smtp8.wanadoo.fr (smtp8.wanadoo.fr [193.252.22.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C51E43D31 for ; Thu, 6 Jan 2005 20:04:14 +0000 (GMT) (envelope-from atkielski.anthony@wanadoo.fr) Received: from me-wanadoo.net (localhost [127.0.0.1]) by mwinf0802.wanadoo.fr (SMTP Server) with SMTP id 3C9BA1C002BB for ; Thu, 6 Jan 2005 21:04:13 +0100 (CET) Received: from pix.atkielski.com (ASt-Lambert-111-2-1-3.w81-50.abo.wanadoo.fr [81.50.80.3]) by mwinf0802.wanadoo.fr (SMTP Server) with ESMTP id 1D4361C00264 for ; Thu, 6 Jan 2005 21:04:13 +0100 (CET) Date: Thu, 6 Jan 2005 21:04:12 +0100 From: Anthony Atkielski X-Priority: 3 (Normal) Message-ID: <659027645.20050106210412@wanadoo.fr> To: freebsd-questions@freebsd.org In-Reply-To: <015301c4f3e8$58464920$92a7cb52@rekon> References: <1761142680.20050104050725@wanadoo.fr> <040201c4f372$06d09210$92a7cb52@rekon> <1507832106.20050106024812@wanadoo.fr> <015301c4f3e8$58464920$92a7cb52@rekon> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re: Running top on system console without being logged on X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Jan 2005 20:04:14 -0000 Reko Turja writes: RT> Actually not command line options as such, but you can make a login RT> class for the top user in /etc/login.conf and feed the options via TOP RT> environment variable from there. RT> RT> You cant shell out from top and renicing from non root account is RT> impossible (except dropping the niceness of your own process). I think RT> the approach is secure enough and if you give "topper" good enough RT> password or deny logon from anywhere except from console, everything RT> should be ok. Of course if the terminal is accessible to others than RT> administrative staff, giving out the usernames can be a risk, but you RT> can use the usernumbers option to avoid giving out the usernames. RT> RT> Did myself something very similar with a IPless firewall between a while RT> back but I ran vmstat in the console instead. Good one glance monitoring RT> without the need of logging on the machine itself. I created a special user that logs directly into top. I don't run telnet or anything so login isn't possible from anywhere else, and it's a plain user account with a good password. It seems to work pretty well. -- Anthony