Date: Thu, 6 Jan 2005 14:07:50 +0200 From: "Reko Turja" <reko.turja@liukuma.net> To: <freebsd-questions@freebsd.org> Subject: Re: Running top on system console without being logged on Message-ID: <015301c4f3e8$58464920$92a7cb52@rekon> References: <1761142680.20050104050725@wanadoo.fr> <040201c4f372$06d09210$92a7cb52@rekon> <1507832106.20050106024812@wanadoo.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: "Anthony Atkielski" <atkielski.anthony@wanadoo.fr> To: <freebsd-questions@freebsd.org> Sent: Thursday, January 06, 2005 3:48 AM Subject: Re: Running top on system console without being logged on >> How about creating a user like this with vipw: >> topper::userno:groupno::0:0:Topper Harley:/nonexistent:/usr/bin/top >> and then just logging in on spare console screen as topper? >> >> I'm not sure if there are security implications though, even if the >> user >> is not member of the wheel group etc. > > I've considered this, but like you, I'm not sure of the security > implications, so I haven't actually done it. And is it possible to > include command-line options in the login shell command for a user? Actually not command line options as such, but you can make a login class for the top user in /etc/login.conf and feed the options via TOP environment variable from there. You cant shell out from top and renicing from non root account is impossible (except dropping the niceness of your own process). I think the approach is secure enough and if you give "topper" good enough password or deny logon from anywhere except from console, everything should be ok. Of course if the terminal is accessible to others than administrative staff, giving out the usernames can be a risk, but you can use the usernumbers option to avoid giving out the usernames. Did myself something very similar with a IPless firewall between a while back but I ran vmstat in the console instead. Good one glance monitoring without the need of logging on the machine itself. -Reko
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?015301c4f3e8$58464920$92a7cb52>