From owner-freebsd-hackers  Sun Aug 13 15:29:11 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from mta4.rcsntx.swbell.net (mta4.rcsntx.swbell.net [151.164.30.28])
	by hub.freebsd.org (Postfix) with ESMTP id 998A537B5B0
	for <freebsd-hackers@FreeBSD.ORG>; Sun, 13 Aug 2000 15:29:07 -0700 (PDT)
	(envelope-from chris@holly.dyndns.org)
Received: from holly.dyndns.org ([208.191.149.190]) by mta4.rcsntx.swbell.net
 (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9)
 with ESMTP id <0FZ9008VL4IDPF@mta4.rcsntx.swbell.net> for
 freebsd-hackers@FreeBSD.ORG; Sun, 13 Aug 2000 17:15:49 -0500 (CDT)
Received: (from chris@localhost) by holly.dyndns.org (8.9.3/8.9.3)
 id RAA43946; Sun, 13 Aug 2000 17:15:28 -0500 (CDT envelope-from chris)
Date: Sun, 13 Aug 2000 17:15:27 -0500
From: Chris Costello <chris@calldei.com>
Subject: Re: limit processes that a user can 'see'
In-reply-to: <39970D08.4BA72541@qualys.com>
To: Maxime Henrion <mux@qualys.com>
Cc: freebsd-hackers@FreeBSD.ORG
Reply-To: chris@calldei.com
Message-id: <20000813171527.B41275@holly.calldei.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
User-Agent: Mutt/0.96.4i
References: <39970D08.4BA72541@qualys.com>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sunday, August 13, 2000, Maxime Henrion wrote:
> By using the 'ps' command, any user logged in the system can view all
> the running processes, including root's one and processes of other
> users. My idea is to limit a bit this behaviour.

   If you want to keep your users completely out of the main
system, including root's processes, just use jail.  This sets up
more or less a 'virtual machine' you can use to effectively act
as another running FreeBSD system.

   ``man 8 jail''.

-- 
|Chris Costello <chris@calldei.com>
|How do I set my Laser printer to "Stun"? 
`-----------------------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message