On Thu, Sep 09, 1999, Mike Pritchard wrote:
> I used to work somewhere where we didn't want any of the users
> to know anything about any other groups of users' processes.
> We did this by restricting ps to only show other procs that
> had the same primary group as the person executing ps.
> Root and group wheel (or some equivalent) could always see
> all running procs.  You could always go hunting through the
> file systems, but their own directory permissions were their problem,
> not ours.

   It would be trivial, in FreeBSD.  Simply hack a few lines of
VFS code in procfs to change permissions from

(S_IRUSR | S_IRGRP | S_IROTH | S_IXUSR | S_IXGRP | S_IXOTH)

   to

(S_IRUSR | S_IRGRP | S_IXUSR | S_IXGRP)
           ^^^^^^^             ^^^^^^^
   Optional; if you don't want people in the same group seeing
processes, do not use these permissions.

   I haven't looked into it, but it should be rather trivial, if
such security is important.

> -Mike
> --
> Mike Pritchard
> m...@freebsd.org or m...@mpp.pro-ns.net
>
>
> To Unsubscribe: send mail to majord...@freebsd.org
> with "unsubscribe freebsd-hackers" in the body of the message

--
|Chris Costello <ch...@calldei.com>
|Feet Smell?  Nose Run?  Hey, you're upside down!
`-------------------------------------------------
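
Added example, not part of the original message and not FreeBSD procfs code: a userland model of the classic owner/group/other mode check, applied to the three masks discussed above, showing who can list a process entry under each. The `struct ident` type, the sample uids/gids and `may_access()` are hypothetical; only the primary group is modelled, so supplementary groups and the wheel exemption from the quoted message are not covered.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Current mode from the message, the proposed mode, and the variant without group bits. */
#define MODE_WORLD (S_IRUSR | S_IRGRP | S_IROTH | S_IXUSR | S_IXGRP | S_IXOTH)
#define MODE_GROUP (S_IRUSR | S_IRGRP | S_IXUSR | S_IXGRP)
#define MODE_OWNER (S_IRUSR | S_IXUSR)
/* Listing and entering a process directory needs read + search (owner-class bits). */
#define WANT_RX    (S_IRUSR | S_IXUSR)

struct ident { uid_t uid; gid_t gid; };   /* hypothetical: primary group only */

/* Constructed sample identities. */
static const struct ident target   = { 1001, 100 };  /* owner of the process entry */
static const struct ident peer     = { 1002, 100 };  /* same primary group */
static const struct ident stranger = { 1003, 200 };  /* different group */
static const struct ident root     = { 0, 0 };

/* Classic UNIX check: exactly one class (owner, group, other) is consulted. */
static bool may_access(struct ident who, struct ident owner, mode_t mode, mode_t want)
{
    if (who.uid == 0)
        return true;                        /* superuser bypasses the mode bits */
    if (who.uid != owner.uid)               /* not the owner: use group or other bits */
        want >>= (who.gid == owner.gid) ? 3 : 6;
    return (mode & want) == want;
}

int main(void)
{
    const struct { const char *name; mode_t mode; } modes[] = {
        { "world (current)", MODE_WORLD },
        { "group (patched)", MODE_GROUP },
        { "owner only",      MODE_OWNER },
    };
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++)
        printf("%-16s %04o  peer=%d stranger=%d root=%d\n",
               modes[i].name, (unsigned)modes[i].mode,
               may_access(peer, target, modes[i].mode, WANT_RX),
               may_access(stranger, target, modes[i].mode, WANT_RX),
               may_access(root, target, modes[i].mode, WANT_RX));
    return 0;
}
```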