SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I don't think this is possible, and even if it were, process information could still be gleaned directly from /proc. A kludge would be to write a wrapper program for ps which checks arguments and ensures only processes from the current user are printed. You could move ps to some other name, and have the new ps call the old one. If you wanted to make sure nobody called the old ps, set it executable for root only and then make the new ps suid root.
Disclaimer: I don't think the above is a good idea, I'm just saying how it could be done. Do this at your own risk.
Well I have a shell account in 1and1.com which is running linux (with grsecurity) and I found it interesting (cool beans) that the output of 'ps -aux' would only bring up processes the user is running (no root process or other user processes, just mine).
There has to be some easier way, cuz I don't know how to 'code' a wrapper program.
Originally posted by puffinman I don't think this is possible, and even if it were, process information could still be gleaned directly from /proc. A kludge would be to write a wrapper program for ps which checks arguments and ensures only processes from the current user are printed. You could move ps to some other name, and have the new ps call the old one. If you wanted to make sure nobody called the old ps, set it executable for root only and then make the new ps suid root.
Disclaimer: I don't think the above is a good idea, I'm just saying how it could be done. Do this at your own risk.
Of course it's possible.
I presume that it may not be worth the trouble it would probably take.
Originally posted by puffinman I don't think this is possible, and even if it were, process information could still be gleaned directly from /proc. A kludge would be to write a wrapper program for ps which checks arguments and ensures only processes from the current user are printed. You could move ps to some other name, and have the new ps call the old one. If you wanted to make sure nobody called the old ps, set it executable for root only and then make the new ps suid root.
Disclaimer: I don't think the above is a good idea, I'm just saying how it could be done. Do this at your own risk.
There has to be some easier way, cuz I don't know how to 'code' a wrapper program.
Well, a simple wrapper is very simple. For example, you can cripple ps by not allowing any options at all. Move ps to say, oldps, then make the new ps this:
Code:
#!/bin/sh
exec oldps
If you wanted to control it more than this, you would have to check each argument to see whether it provides more information than you want people to have, and pass the allowed arguments on to oldps in the exec. You would have to think about it carefully, because ps has a LOT of options.
Originally posted by puffinman Well, a simple wrapper is very simple. For example, you can cripple ps by not allowing any options at all. Move ps to say, oldps, then make the new ps this:
Code:
#!/bin/sh
exec oldps
If you wanted to control it more than this, you would have to check each argument to see whether it provides more information than you want people to have, and pass the allowed arguments on to oldps in the exec. You would have to think about it carefully, because ps has a LOT of options.
Did a bit of googling, and you're right it isn't worh it the hassle. Someone could just download a binary of ps and put it in their home directory and execute it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.