restricted /proc

general

I know security through obscurity is not the best practice, but I'd like to know if it's possible to restrict a user's process access to only their own. So, if a user were to check top, ps, or whatever, they would only be able to see their own processes. Keeps people from snooping on each other and cleans up the process list view.

There is a kernel patch that does this by changing permissions of nodes in /proc to 500 or 550, but since this is Xen that isn't possible. Is there a way to accomplish this with a kernel module, or maybe even jailed processes/shells using AppArmor?

2 Replies

forum:fendrish78 16 years, 3 months ago

I am pretty sure you can do what you want by chrooting ssh. Below is howto based on debian but you should be able to adapt to just about anything.

http://www.howtoforge.com/chrootedsshhowto_debian

forum:jpeddicord 16 years, 3 months ago

~~@fendrish78:~~

I am pretty sure you can do what you want by chrooting ssh. Below is howto based on debian but you should be able to adapt to just about anything.

http://www.howtoforge.com/chrootedsshhowto_debian

Seems a little overkill. It's a possibility, but one of the last I'd want. Chroots are a pain to get going and maintain during server restarts and the like.

Reply

Description

Please enter an answer

Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Compute

Storage

Networking

Databases

Services

Developer Tools

Industries

Pricing

Community

Engage With Us

restricted /proc

2 Replies

Reply

Tips: