> On Wed, Sep 08, 1999, Gustavo V G C Rios wrote:
> > Dear gentleman,
>
> > One clear example:
> > No user(but only that ones previous allowed to) should be able to see
> > other users process. This facility have to be done at kernel level,
> > (that's what i think).
>
> Define "see". Access the memory? See that it is running?
> View the argv list? I don't see how this would affect privacy.

I used to work somewhere where we didn't want any of the users to know anything about any other groups of users' processes. We did this by restricting ps to only show other procs that had the same primary group as the person executing ps. Root and group wheel (or some equivalent) could always see all running procs. You could always go hunting through the file systems, but their own directory permissions were their problem, not ours.

This was a computing center site with several Crays, where customer names were kept private, and we had companies that were in competition with each other using our machines. The competition didn't want each other even knowing what applications they were running, because that might give them some insight into what they were doing (keyword here: paranoid).

We might have also hacked w/who/finger/last to never print the host names/addresses so no one could nslookup the addresses and really figure out where the customers were logging in from. This was to stop them from finding out the competition was also one of our customers.

So I can see situations where this might be useful; I'm not sure that these types of customers are really going to ever be sharing a FreeBSD machine, but you never know.

-Mike
--
Mike Pritchard
m...@freebsd.org or m...@mpp.pro-ns.net
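The visibility rule described in the message above, sketched as an added example that is not part of the original post and is not the site's actual ps patch: non-privileged viewers see only processes whose owner has the same primary group, while root and wheel see everything, and login records lose their host field. The class and function names, the assumption that wheel is gid 0, and all sample data are constructed for illustration.

```python
from dataclasses import dataclass

WHEEL_GID = 0  # assumption: wheel is gid 0, as on BSD systems

@dataclass(frozen=True)
class Viewer:
    uid: int
    gid: int                          # primary group
    groups: frozenset = frozenset()   # supplementary groups

@dataclass(frozen=True)
class Proc:
    pid: int
    uid: int
    gid: int                          # primary group of the process owner
    command: str

def sees_everything(v):
    """Root and wheel members are exempt from the filter."""
    return v.uid == 0 or v.gid == WHEEL_GID or WHEEL_GID in v.groups

def visible_procs(v, procs):
    """Processes a group-filtered ps would list for viewer v."""
    if sees_everything(v):
        return list(procs)
    return [p for p in procs if p.gid == v.gid]

def redact_host(record):
    """Blank the remote-host field of a (user, tty, host) login record."""
    user, tty, _host = record
    return (user, tty, "-")

# Constructed sample data: two customer groups (gids 2001, 2002) plus init.
PROCS = [
    Proc(1, 0, 0, "init"),
    Proc(410, 1501, 2001, "cfd_solver -in wing.dat"),
    Proc(411, 1502, 2001, "vi notes.txt"),
    Proc(520, 1601, 2002, "crash_sim run7"),
]
LOGINS = [("alice", "ttyp0", "gw.customer-a.example"),
          ("bob", "ttyp1", "gw.customer-b.example")]

if __name__ == "__main__":
    alice = Viewer(uid=1501, gid=2001)
    for p in visible_procs(alice, PROCS):
        print(p.pid, p.command)
    for rec in LOGINS:
        print(*redact_host(rec))
```

A filter placed in the reporting tool only constrains what that binary prints; it does not change what the kernel interfaces underneath it expose.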