Prevent users from viewing other user processes?

**Theit** · 08-30-2004

I recently installed a new copy of Mandrake 9.2 and set the security level to 4 (Higher). I noticed when I started creating users that people could not view the process list because the /proc dir was chmoded 550 with root owner/group.

If I allow access to the proc, that means they can see all processes. I don't want that. I tried making a small program to prevent `ps -a` or `ps -U root`, but it doesn't work because it has to call the original PS at some point.

Is there a simple way to limit users to only viewing their processes? Or, if not, change it so that when a process is created, it is owned by that user and group and chmodded to 550?

(If anyone cares... ps1 and ps2 tests:
http://brajah.com/ps.txt )

Thanks in advance for taking a look at my problem.
Jack
root at brajah.com
Aim: Greenday8514
MSN: same as email.

**jeremy1701** · 08-30-2004

I think you should be able to do something like

Code:

ps --User Jack

From:

http://linux.about.com/library/cmd/blcmdl1_ps.htm

Hope that helps,
Jeremy

**Theit** · 08-30-2004

That would work, however, they would still be able to change it, if it were an alias.
I was thinking more along the lines of forcing them to only look at their processes, but there's no file that root can own that dictates ps defaults.

Thanks though,
Jack

**jeremy1701** · 08-30-2004

You could create a script that will disregard all ps switches and only display the user.

Jeremy

Thread Tools

Display

Prevent users from viewing other user processes?

Posting Permissions