/proc and hidepid (hide processes of other users)

atelszewski · 09-11-2015, 07:36 AM

Hi,

I just thought that I share with you what I have just found. Currently I'm testing this option, but as my system is not running many services nor it has many users, I cannot tell how hard and how helpful/harmful it could be.

Since kernel 3.2+ (http://tuxdiary.com/2014/08/23/hidepid/), the /proc can be mounted with hidepid option, which basically hides all the processes run by other users. I placed it in rc.local:

Code:

/sbin/mount -oremount,hidepid=2,gid=showpid /proc

I have added additional group showpid (currently empty), that enables all the users belonging to this group to view all the processes in the system. This might be needed for services that are not running as root but need to learn about processes of different users.

This option might not be well known, as searching through LQ brings no results.
You can find more info trying to search using your favourite web search service

After enabling this option, try ps aux or going into /proc and you'll notice how clean they look

BTW, as always, root can see everything...

--
Best regards,
Andrzej Telszewski

Richard Cranium · 09-12-2015, 05:28 AM

Cool. I learned something new today. Thanks!

orbea · 08-24-2018, 01:57 PM

Old thread, but does someone know why this doesn't work when put in /etc/fstab with Slackware 14.2? Remounted like in /etc/rc.d/rc.local works, but I'm a bit confused why /etc/fstab is not being respect for /proc?

Richard Cranium · 08-24-2018, 06:37 PM

It might be mounted with other options in the initrd.

orbea · 08-25-2018, 08:16 AM

Thanks! That seems quite plausible. I unpacked my initrd.gz and found this.

Code:

# Mount /proc and /sys:
mount -n proc /proc -t proc
mount -n sysfs /sys -t sysfs
mount -n tmpfs /run -t tmpfs -o mode=0755,size=32M,nodev,nosuid,noexec