From owner-freebsd-questions  Thu Jan 11 16:28:27 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id QAA07899
          for questions-outgoing; Thu, 11 Jan 1996 16:28:27 -0800 (PST)
Received: from parody.tecc.co.uk (parody.tecc.co.uk [193.128.6.83])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id QAA07888
          for <freebsd-questions@freebsd.org>; Thu, 11 Jan 1996 16:28:20 -0800 (PST)
Received: (from fqueries@localhost) by parody.tecc.co.uk (8.6.12/8.6.12) id AAA01515; Fri, 12 Jan 1996 00:26:21 GMT
Date: Fri, 12 Jan 1996 00:26:21 GMT
From: James Raynard <fqueries@parody.tecc.co.uk>
Message-Id: <199601120026.AAA01515@parody.tecc.co.uk>
To: michles@haven.ios.com
CC: freebsd-questions@freebsd.org
In-reply-to: <Pine.BSD.3.91.960107210830.11412A-100000@haven.ios.com> (message from Emil Mikhles on Sun, 7 Jan 1996 21:09:36 -0500 (EST))
Subject: Re: Problems with top.
Sender: owner-questions@freebsd.org
Precedence: bulk

>>>>> Emil Mikhles <michles@haven.ios.com> writes:
>> 
>> For some reason, just now, when I execute top, when I am not root I get 
>> thiserror message "kvm_open: /dev/mem: Permission denied", any ideas on 
>> how to solve this problem?

kvm_open is a function that top calls to allow to look at various
kernel data structures. It does this by opening /dev/mem, which is
only readable by user root and group kmem:-

bash# ls -l /dev/mem
crw-r-----  1 root  kmem    2,   0 Nov 18 21:06 /dev/mem

There are several ways around this:-

1) Make top setuid root, so it has root user privileges regardless of
who is running it. Setuid root programs should be avoided if at all
possible, as there are too many risks if the program is compromised in
some way (even if only by a programming error).

2) Make top setgid kmem, so that it has kmem group privileges
regardless of who is running it. This is much better than 1), as the
scope for doing damage is considerably reduced. In fact, if you
compile top yourself, the makefile will install it setgid kmem:-

bash# ls -l /usr/local/bin/top
-rwxr-sr-x  1 root  kmem  42957 Nov 19 12:32 /usr/local/bin/top

To get your copy like this, do (as root):-

bash# chown root.kmem /usr/local/bin/top
bash# chmod g+s /usr/local/bin/top

3) If you only want a select number of people to run it and not anyone
else, you can add them to the kmem group by editing the kmem line in
/etc/group:-

kmem:*:2:root,fred,joe

James