From owner-freebsd-questions Sun May 5 21:35:44 2002 Delivered-To: freebsd-questions@freebsd.org Received: from bastion2.act.csiro.au (bastion2.act.csiro.au [152.83.2.9]) by hub.freebsd.org (Postfix) with ESMTP id 47DB437B404 for ; Sun, 5 May 2002 21:35:40 -0700 (PDT) Received: from bastion2.act.csiro.au (localhost [127.0.0.1]) by bastion2.act.csiro.au (8.11.4/8.11.4) with ESMTP id g464Za507812 for ; Mon, 6 May 2002 14:35:36 +1000 (EST) Received: from hermes.la.csiro.au (hermes.la.csiro.au [152.83.12.2]) by bastion2.act.csiro.au (8.11.4/8.11.4) with ESMTP id g464ZY807797; Mon, 6 May 2002 14:35:34 +1000 (EST) Received: by hermes.la.csiro.au with Internet Mail Service (5.5.2653.19) id ; Mon, 6 May 2002 14:35:33 +1000 Message-ID: <4ABEF4D887D40745B8D6804C2FFA939F1A75B6@hermes.la.csiro.au> From: Anthony.Wyatt@csiro.au To: default013subscriptions@hotmail.com, freebsd-questions@FreeBSD.ORG Subject: RE: Quick Question Regarding PS Date: Mon, 6 May 2002 14:35:32 +1000 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi Default, I just stumbled upon this: http://draenor.org/securebsd/ Here are the relevent parts (all (c) draenor.org ): o Hiding processes You can also limit what processes a user can see when using the ps(1) command. By default, FreeBSD will allow users to see all processes on the system, including those that do not belong to them. You may wish to only allow the user to see processes owned by them. To do this, you may use the kern.ps_showallprocs sysctl variable. You can change this while the system is running by issuing the following command: sysctl kern.ps_showallprocs=0 To make this change permanent, insert the following line into /etc/sysctl.conf: kern.ps_showallprocs=0 The root user is not affected by kern.ps_showallprocs and can always see all processes. While this method is effective for limiting what output ps(1) gives, it will not stop an attacker from traversing /proc to find out what processes are running. See 'Disabling procfs' for more information. o Disabling procfs procfs can be used to gather information on running processes. It is required for the complete operation of programs such as ps(1), w(1) and truss(1). Due to the amount of information that procfs may yield many administrators feel that it is advantageous to disable this filesystem. This step is ENTIRELY voluntary. You do not need to disable this if you do not want to. To disable procfs, add the NOAUTO option to /etc/fstab for this filesystem. You may then mount it manually if needed. Anthony > -----Original Message----- > From: default [mailto:default013subscriptions@hotmail.com] > Sent: Monday, 6 May 2002 11:03 AM > To: FreeBSD-Questions > Subject: Quick Question Regarding PS > > > Hi, I'm running on FreeBSD 4.1 which doesn't have the sysctl option > (showallprocs) ... I am trying to think of a good way to let > my users only see their own processes, and I am not much of a > programmer... > > I was thinking of making a bash script that would do ps only > showing the user's processes, replacing the ps command with > that, and changing ps's name to something that no one would > think of... > > but... before I do... I was wondering, are there any system > resources that use PS? ... anything I should be worried about > in this scenario? > > Thanks much > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message