Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
What would it take to change the permissions of the core kernel functions? For example, I don't want users to be able to see what processes are running or open network connections. You can change the permissions of ps and netstat, but it is still possible for users to write programs to request the same information from the kernel. Is there any way to prevent this without rewriting the kernel?
What would be the whole reason behind this? If you've setup your host correctly, you shouldn't have to worry about regular users who can view processes running. If I were a user that had access to a host, if one of my applications was hung or not, it would be rather handy to see the process running, get the id of it, so I could kill it, restart it, etc.
I fail to see the reasoning behind what your wanting to accomplish.
Look into something like grsecurity or SELinux. Neither are exactly trivial to set up with a custom configuration, though. I suppose you could also not mount /proc so people couldn't read any of the files in there, but it would undoubtedly break some stuff. Beyond that, you might have to get into some custom kernel hacking.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.