| Author |
Message |
jpeddicord
Joined: 19 Jan 2008
Posts: 10
|
| Posted: Fri Jul 25, 2008 6:38 pm Post subject: restricted /proc |
|
|
I know security through obscurity is not the best practice, but I'd like to know if it's possible to restrict a user's process access to only their own. So, if a user were to check top, ps, or whatever, they would only be able to see their own processes. Keeps people from snooping on each other and cleans up the process list view.
There is a kernel patch that does this by changing permissions of nodes in /proc to 500 or 550, but since this is Xen that isn't possible. Is there a way to accomplish this with a kernel module, or maybe even jailed processes/shells using AppArmor? |
|
| Back to top |
|
fendrish78
Joined: 30 May 2008
Posts: 8
|
| Posted: Fri Jul 25, 2008 8:24 pm Post subject: |
|
|
I am pretty sure you can do what you want by chrooting ssh. Below is howto based on debian but you should be able to adapt to just about anything.
http://www.howtoforge.com/chrooted_ssh_howto_debian |
|
| Back to top |
|
jpeddicord
Joined: 19 Jan 2008
Posts: 10
|
| Posted: Fri Jul 25, 2008 10:32 pm Post subject: |
|
|
fendrish78 wrote: I am pretty sure you can do what you want by chrooting ssh. Below is howto based on debian but you should be able to adapt to just about anything.
http://www.howtoforge.com/chrooted_ssh_howto_debian
Seems a little overkill. It's a possibility, but one of the last I'd want. Chroots are a pain to get going and maintain during server restarts and the like. |
|
| Back to top |
|
| |
