I don't want that the regular user may explore what processes are running on the system by other users/root.

How may RHEL 4/5 be restricted in that way?

One possibility would be XEN and a seperate virtual machine per user. But I want all users to share the same machine.

Any particularly compelling reason why not? (Just curious if this is an "official" requirement of sorts or just a misunderstanding of discretionary access rights.)


GRsecurity has a sysctl to limit scope of processes to their owner, RSBAC apparently has something similar called "CAP process hiding" and SELinux I don't know (and I haven't yet tried having both SELinux and GRSecurity in one kernel). These are invasive methods since they require a kernel patch but acceptable and mainstream solutions. I don't know any solid userland implementations (think syscall interception with an LD_PRELOAD) and while I've seen people in other threads mess with like replacing /bin/ps with a script that basically does something like "/some/path/ps.old U $UID", IMHO those kludges are easy to circumvent (introduce something like Busybox or your own procps utils, walk /proc, locate old binary or use other utilities).

For example if unpriviledged users are logged in to the system, they are able to find out, what ssh connections other users run or there may be the possibility that login credentials are used in plaintext by unexperienced users and that would be visible with the ps command.

Also the user should not know what daemons are running on the system. So that it is more difficult to find exploits for the system.

Apart from the credentials stuff (IMHO education first of all) it all points towards system hardening. Not being able to see other processes can be a part of that. Unfortunately the most invasive things (like drafting a policy, kernel and package choice) are best dealt with before or during the installation. Did you by any chance read RHEL admininstration docs and basic hardening tutorials already?