LinuxQuestions.org
Old 04-25-2005, 10:33 PM   #1
houler
Member
 
Registered: Mar 2005
Distribution: Slackware 10.1, Kernel 2.6.14.4 (custom)
Posts: 166

Rep: Reputation: 30
Question confine the output of 'ps -aux' for a user?


I was wondering, is there a way to confine the output results of ps -aux?

I want to make it so that each user can only see his/her own processes and not other people's processes, no matter what 'ps' commands the user runs.
 
Old 04-25-2005, 11:05 PM   #2
puffinman
Member
 
Registered: Jan 2005
Location: Atlanta, GA
Distribution: Gentoo, Slackware
Posts: 217

Rep: Reputation: 31
I don't think this is possible, and even if it were, process information could still be gleaned directly from /proc. A kludge would be to write a wrapper program for ps which checks arguments and ensures only processes from the current user are printed. You could move ps to some other name, and have the new ps call the old one. If you wanted to make sure nobody called the old ps, set it executable for root only and then make the new ps suid root.

Disclaimer: I don't think the above is a good idea, I'm just saying how it could be done. Do this at your own risk.
 
Old 04-25-2005, 11:10 PM   #3
houler
Member
 
Registered: Mar 2005
Distribution: Slackware 10.1, Kernel 2.6.14.4 (custom)
Posts: 166

Original Poster
Rep: Reputation: 30
Well, I have a shell account at 1and1.com which is running Linux (with grsecurity) and I found it interesting (cool beans) that the output of 'ps -aux' would only bring up processes the user is running (no root process or other user processes, just mine).

There has to be some easier way, cuz I don't know how to 'code' a wrapper program.
 
Old 04-25-2005, 11:11 PM   #4
Social Burn
LQ Newbie
 
Registered: Aug 2004
Location: Indiana, Pennsylvania
Distribution: Slackware 8.1, 9.1, 10.0, 10.1, Slamd64
Posts: 11

Rep: Reputation: 0
Quote:
Originally posted by puffinman
I don't think this is possible, and even if it were, process information could still be gleaned directly from /proc. A kludge would be to write a wrapper program for ps which checks arguments and ensures only processes from the current user are printed. You could move ps to some other name, and have the new ps call the old one. If you wanted to make sure nobody called the old ps, set it executable for root only and then make the new ps suid root.

Disclaimer: I don't think the above is a good idea, I'm just saying how it could be done. Do this at your own risk.
Of course it's possible.

I presume that it may not be worth the trouble it would probably take.
 
Old 04-25-2005, 11:23 PM   #5
houler
Member
 
Registered: Mar 2005
Distribution: Slackware 10.1, Kernel 2.6.14.4 (custom)
Posts: 166

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by puffinman
I don't think this is possible, and even if it were, process information could still be gleaned directly from /proc. A kludge would be to write a wrapper program for ps which checks arguments and ensures only processes from the current user are printed. You could move ps to some other name, and have the new ps call the old one. If you wanted to make sure nobody called the old ps, set it executable for root only and then make the new ps suid root.

Disclaimer: I don't think the above is a good idea, I'm just saying how it could be done. Do this at your own risk.

I found some patch info for this:

http://www.debianhowto.de/howtos/en/...rsecurity.html

Last edited by houler; 04-25-2005 at 11:40 PM.
 
Old 04-25-2005, 11:33 PM   #6
puffinman
Member
 
Registered: Jan 2005
Location: Atlanta, GA
Distribution: Gentoo, Slackware
Posts: 217

Rep: Reputation: 31
Quote:
There has to be some easier way, cuz I don't know how to 'code' a wrapper program.
Well, a simple wrapper is very simple. For example, you can cripple ps by not allowing any options at all. Move ps to say, oldps, then make the new ps this:

Code:
#!/bin/sh
exec oldps
If you wanted to control it more than this, you would have to check each argument to see whether it provides more information than you want people to have, and pass the allowed arguments on to oldps in the exec. You would have to think about it carefully, because ps has a LOT of options.
 
Old 04-25-2005, 11:40 PM   #7
houler
Member
 
Registered: Mar 2005
Distribution: Slackware 10.1, Kernel 2.6.14.4 (custom)
Posts: 166

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by puffinman
Well, a simple wrapper is very simple. For example, you can cripple ps by not allowing any options at all. Move ps to say, oldps, then make the new ps this:

Code:
#!/bin/sh
exec oldps
If you wanted to control it more than this, you would have to check each argument to see whether it provides more information than you want people to have, and pass the allowed arguments on to oldps in the exec. You would have to think about it carefully, because ps has a LOT of options.
Did a bit of googling, and you're right, it isn't worth the hassle. Someone could just download a binary of ps and put it in their home directory and execute it.


Where in /proc could I see process information?
 
Old 04-25-2005, 11:44 PM   #8
puffinman
Member
 
Registered: Jan 2005
Location: Atlanta, GA
Distribution: Gentoo, Slackware
Posts: 217

Rep: Reputation: 31
Quote:
Where in /proc could I see process information?
Try man proc.
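
Added example (not part of the original thread or any poster's code): a check an administrator can run as an unprivileged user to see whether other users' processes are visible through /proc, which is why wrapping ps alone (posts #2 and #6) does not confine anything. The function names and the sample tree are constructed for illustration; the script reads only the Name: and Uid: lines of /proc/<pid>/status.

```sh
#!/bin/sh
# Audit: which processes under a proc root are NOT owned by a given uid?
# Reads <root>/<pid>/status directly and never calls ps, so a ps wrapper
# has no effect on the result.

# foreign_procs PROC_ROOT UID
# Prints "pid uid name" for each readable status file whose real UID
# (first number on the "Uid:" line) differs from UID.
foreign_procs() {
    root=$1
    me=$2
    for dir in "$root"/[0-9]*; do
        status=$dir/status
        [ -r "$status" ] || continue     # hidden, or the process already exited
        awk -v me="$me" -v pid="${dir##*/}" '
            $1 == "Name:" { name = $2 }
            $1 == "Uid:"  { uid = $2 }
            END { if (uid != "" && uid != me) print pid, uid, name }
        ' "$status" 2>/dev/null || continue
    done
}

# count_foreign PROC_ROOT UID
# 0 means nothing outside the caller's own processes is exposed.
count_foreign() {
    foreign_procs "$1" "$2" | wc -l | tr -d ' '
}

# make_sample_proc
# Builds a small constructed proc-like tree (not real data) so the check
# can be exercised without touching the live system. Prints its path.
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir "$d/1" "$d/412" "$d/977"
    printf 'Name:\tinit\nUid:\t0\t0\t0\t0\n' > "$d/1/status"
    printf 'Name:\tsshd\nUid:\t0\t0\t0\t0\n' > "$d/412/status"
    printf 'Name:\tbash\nUid:\t1000\t1000\t1000\t1000\n' > "$d/977/status"
    echo "$d"
}

# Live use: run with --live as the account you want to test.
if [ "${1:-}" = "--live" ]; then
    foreign_procs /proc "$(id -u)"
    echo "visible processes owned by others: $(count_foreign /proc "$(id -u)")"
fi
```

On a system where the kernel restricts /proc, as on the grsecurity host described in post #3, the live count for an ordinary user should be 0; on a stock configuration it lists every other user's processes.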
 
  

