Date: Fri, 7 Jan 2005 09:10:42 +0100
From: "Colin J. Raven"
To: freebsd-questions@freebsd.org
Subject: Re: Running top on system console without being logged on

On Jan 6 at 21:04, Anthony Atkielski launched this into the bitstream:

> Reko Turja writes:
>
> RT> Actually not command line options as such, but you can make a login
> RT> class for the top user in /etc/login.conf and feed the options via TOP
> RT> environment variable from there.
> RT>
> RT> You can't shell out from top and renicing from non root account is
> RT> impossible (except dropping the niceness of your own process). I think
> RT> the approach is secure enough and if you give "topper" good enough
> RT> password or deny logon from anywhere except from console, everything
> RT> should be ok. Of course if the terminal is accessible to others than
> RT> administrative staff, giving out the usernames can be a risk, but you
> RT> can use the usernumbers option to avoid giving out the usernames.
> RT>
> RT> Did myself something very similar with an IPless firewall between a while
> RT> back but I ran vmstat in the console instead. Good one glance monitoring
> RT> without the need of logging on the machine itself.
>
> I created a special user that logs directly into top. I don't run
> telnet or anything so login isn't possible from anywhere else, and it's
> a plain user account with a good password. It seems to work pretty
> well.
>

While masking the machine/LAN/location specific info, could you please
post how you did this? What shell etc etc. I (for one) would be *most*
grateful for this since (like many apparently) I'd like to do this too.
Not mission critical in my case, but wildly cool if it could be done
securely.

Regards & TIA,
-Colin
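The setup described in the quoted text above, written out as an added example (not part of the original message and not any poster's actual configuration): a constructed login.conf class and master.passwd line, plus a small audit that checks the properties the thread relies on. The account name "topper" comes from the thread; the class name "toponly", the UID, the paths, and the reading of "usernumbers option" as top's `-u` flag are assumptions.

```sh
#!/bin/sh
# Constructed sample data: the class name "toponly" and UID 1005 are assumptions.
# login.conf(5) class: setenv hands options to top(1) through $TOP;
# -u makes top print numeric UIDs instead of usernames.
LOGIN_CONF='toponly:\
    :setenv=TOP=-u:\
    :tc=default:'
# master.passwd(5): name:pw:uid:gid:class:change:expire:gecos:home:shell
PASSWD_LINE='topper:*:1005:1005:toponly:0:0:Console top:/nonexistent:/usr/bin/top'

# audit_top_account PASSWD_LINE LOGIN_CONF
# Prints one finding per line and returns 0 only when there are none.
audit_top_account() {
    line=$1; conf=$2; rc=0
    uid=$(printf '%s\n' "$line" | cut -d: -f3)
    class=$(printf '%s\n' "$line" | cut -d: -f5)
    shell=$(printf '%s\n' "$line" | cut -d: -f10)
    # As root, top's interactive renice/kill commands would reach every process.
    [ "$uid" != 0 ] || { echo "uid 0: top could renice or kill any process"; rc=1; }
    # The login shell must be top itself, so there is no shell to fall back to.
    [ "${shell##*/}" = top ] || { echo "shell is $shell, not top"; rc=1; }
    # Join backslash-continued lines, then pick the entry for this class.
    entry=$(printf '%s\n' "$conf" |
        awk '{ if (sub(/\\$/, "")) printf "%s", $0; else print }' |
        grep "^$class:" || true)
    if [ -z "$class" ] || [ -z "$entry" ]; then
        echo "login class '$class' not defined"; rc=1
    else
        setenv=$(printf '%s\n' "$entry" | tr ':' '\n' | grep '^setenv=' || true)
        case $setenv in
            *TOP=*-u*) ;;
            *) echo "class $class does not set TOP=-u (usernames shown)"; rc=1 ;;
        esac
    fi
    return $rc
}

audit_top_account "$PASSWD_LINE" "$LOGIN_CONF" && echo "topper: no findings"
```

On a real FreeBSD system, changes to /etc/login.conf take effect only after `cap_mkdb /etc/login.conf` rebuilds the capability database.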