restricted /proc

I know security through obscurity is not the best practice, but I'd like to know if it's possible to restrict a user's process access to only their own. So, if a user were to check top, ps, or whatever, they would only be able to see their own processes. Keeps people from snooping on each other and cleans up the process list view.

There is a kernel patch that does this by changing permissions of nodes in /proc to 500 or 550, but since this is Xen that isn't possible. Is there a way to accomplish this with a kernel module, or maybe even jailed processes/shells using AppArmor?

2 Replies

I am pretty sure you can do what you want by chrooting ssh. Below is howto based on debian but you should be able to adapt to just about anything.

http://www.howtoforge.com/chrootedsshhowto_debian

@fendrish78:

I am pretty sure you can do what you want by chrooting ssh. Below is howto based on debian but you should be able to adapt to just about anything.

http://www.howtoforge.com/chrootedsshhowto_debian

Seems a little overkill. It's a possibility, but one of the last I'd want. Chroots are a pain to get going and maintain during server restarts and the like.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct