> Dennis Clarke wrote:
>>
>> I personally have always wondered why the ps command displays what root is
>> doing to ordinary users like as if it is any of their business but that
>> is another idea I just let rattle around in my head.
>>
>
> Dennis,
>
> You can do this (in Solaris 10 and up) by taking away the proc_info
> privilege from a user.
>
> $ ppriv -vl proc_info
> proc_info
>         Allows a process to examine the status of processes other
>         than those it can send signals to. Processes which cannot
>         be examined cannot be seen in /proc and appear not to exist.
>
> To take away proc_info from user xyz you would add the following entry
> to /etc/user_attr:
>
> xyz::::defaultpriv=basic,!proc_info
>

ooooooh ... one moment .. I have to try that right now !

$ uname -a
SunOS pluto 5.8 Generic_117350-41 sun4u sparc SUNW,Ultra-2
$ who am i
dclarke pts/2 Jan 14 03:33 (titan)
$ ps -ef | wc -l
43

# cat /etc/user_attr
# Copyright (c) 1999 by Sun Microsystems, Inc. All rights reserved.::::
#::::
# /etc/user_attr::::
#::::
# user attributes. see user_attr(4)::::
#::::
#pragma ident "@(#)user_attr 1.2 99/07/14 SMI"::::
#::::
root::::type=normal;auths=solaris.*,solaris.grant;profiles=All
#
# remove the right to inspect processes to which a user can not send signals
# essentially make other processes private if the pid is not owned by username
dclarke::::defaultpriv=basic,!proc_info
# okay ..

$ ps -ef | wc -l
43

I'll logout and then back in ...

$ ps -ef | wc -l
43

OKay .. so not a function that works in Solaris 8

Let's look at s10u2 :

$ uname -a
SunOS titan 5.10 Generic_118855-19 i86pc i386 i86pc
$ cat /etc/release
Solaris 10 6/06 s10x_u2wos_09a X86
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
$ ppriv -vl proc_info
proc_info
        Allows a process to examine the status of processes other
        than those it can send signals to. Processes which cannot
        be examined cannot be seen in /proc and appear not to exist.
$

OKay .. we can expect it to work here then ...

$ ps -ef | wc -l
86
$

# Copyright (c) 2003 by Sun Microsystems, Inc. All rights reserved.
#
# /etc/user_attr
#
# user attributes. see user_attr(4)
#
#pragma ident "@(#)user_attr 1.1 03/07/09 SMI"
#
adm::::profiles=Log Management
lp::::profiles=Printer Management
root::::auths=solaris.*,solaris.grant;profiles=Web Console Management,All;lock_after_retries=no
#
# remove the right to inspect processes to which a user can not send signals
# essentially make other processes private if the pid is not owned by username
dclarke::::defaultpriv=basic,!proc_info
~
~
~
~
~
~
"/etc/user_attr" 16 lines, 537 characters

$ ps -ef | wc -l
86
$

I guess I have to totally logout and then back in again ...

... and since I have a dozen things going here .. I'll try this tomorrow

Thanks for the pointer

Dennis
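
Added example, not part of the original message: a small audit helper that reads a user_attr(4)-format file and lists the accounts whose defaultpriv entry removes proc_info, as in the xyz and dclarke lines above. The function name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which accounts have
# proc_info removed from their default privilege set.
# user_attr(4) layout: user:qualifier:res1:res2:attr
# where attr is a ';'-separated list of key=value pairs.

users_without_proc_info() {
    # Reads user_attr-format text on stdin, prints one user name per line.
    awk -F: '
        /^[ \t]*#/ || NF < 5 { next }      # skip comments and short lines
        {
            # Rejoin field 5 onward in case an attribute value contains ":"
            attr = $5
            for (i = 6; i <= NF; i++) attr = attr ":" $i

            n = split(attr, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] !~ /^defaultpriv=/) continue
                sub(/^defaultpriv=/, "", kv[i])
                m = split(kv[i], priv, ",")
                for (j = 1; j <= m; j++)
                    if (priv[j] == "!proc_info") { print $1; break }
            }
        }
    '
}

# Constructed sample modelled on the file shown in the message above;
# the xyz and abc entries are made up to exercise the parser.
sample='# /etc/user_attr
# user attributes. see user_attr(4)::::
adm::::profiles=Log Management
root::::auths=solaris.*,solaris.grant;profiles=All;lock_after_retries=no
dclarke::::defaultpriv=basic,!proc_info
xyz::::profiles=Printer Management;defaultpriv=basic,!proc_info,!proc_session
abc::::defaultpriv=basic'

printf '%s\n' "$sample" | users_without_proc_info
```

On a real host the input would be `users_without_proc_info < /etc/user_attr`. The script only reads the file; it says nothing about whether an already running session has picked up the change.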