View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions restricted /proc
Log in to Ask a Question

restricted /proc

general

I know security through obscurity is not the best practice, but I'd like to know if it's possible to restrict a user's process access to only their own. So, if a user were to check top, ps, or whatever, they would only be able to see their own processes. Keeps people from snooping on each other and cleans up the process list view.

There is a kernel patch that does this by changing permissions of nodes in /proc to 500 or 550, but since this is Xen that isn't possible. Is there a way to accomplish this with a kernel module, or maybe even jailed processes/shells using AppArmor?

2 Replies

I am pretty sure you can do what you want by chrooting ssh. Below is howto based on debian but you should be able to adapt to just about anything.

http://www.howtoforge.com/chrootedsshhowto_debian

@fendrish78:

I am pretty sure you can do what you want by chrooting ssh. Below is howto based on debian but you should be able to adapt to just about anything.

http://www.howtoforge.com/chrootedsshhowto_debian

Seems a little overkill. It's a possibility, but one of the last I'd want. Chroots are a pain to get going and maintain during server restarts and the like.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct