----- Original Message ----- From: "Anthony Atkielski" <[EMAIL PROTECTED]>
To: <freebsd-questions@freebsd.org>
Sent: Thursday, January 06, 2005 3:48 AM
Subject: Re: Running top on system console without being logged on
How about creating a user like this with vipw: topper::userno:groupno::0:0:Topper Harley:/nonexistent:/usr/bin/top and then just logging in on spare console screen as topper?
I'm not sure if there are security implications though, even if the user
is not member of the wheel group etc.
I've considered this, but like you, I'm not sure of the security implications, so I haven't actually done it. And is it possible to include command-line options in the login shell command for a user?
Actually not command line options as such, but you can make a login class for the top user in /etc/login.conf and feed the options via TOP environment variable from there.
You cant shell out from top and renicing from non root account is impossible (except dropping the niceness of your own process). I think the approach is secure enough and if you give "topper" good enough password or deny logon from anywhere except from console, everything should be ok. Of course if the terminal is accessible to others than administrative staff, giving out the usernames can be a risk, but you can use the usernumbers option to avoid giving out the usernames.
Did myself something very similar with a IPless firewall between a while back but I ran vmstat in the console instead. Good one glance monitoring without the need of logging on the machine itself.
-Reko
_______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
