Menno Lageman wrote:
Dennis Clarke wrote:

I personally have always wondered why the ps command displays what root is
doing to ordinary users like as if it is any of their business but that
is another idea I just let rattle around in my head.


Dennis,

You can do this (in Solaris 10 and up) by taking away the proc_info privilege from a user.

$ ppriv -vl proc_info
proc_info
        Allows a process to examine the status of processes other
        than those it can send signals to.  Processes which cannot
        be examined cannot be seen in /proc and appear not to exist.

To take away proc_info from user xyz you would add the following entry to /etc/user_attr:

    xyz::::defaultpriv=basic,!proc_info

And the less you can do as a normal user, the more people will be tempted to run as root all the time. Life (and hence security) is full of these little tradeoffs.
--
David Dyer-Bennet, [EMAIL PROTECTED]; http://dd-b.net/dd-b
Pics: http://dd-b.net/dd-b/SnapshotAlbum, http://dd-b.net/photography/gallery
Dragaera: http://dragaera.info
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
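
An audit of the /etc/user_attr setting described in the thread, added here as an example and not written by any of the posters: it reads user_attr-style lines and reports, per account, whether proc_info is still in the default privilege set. The function name and the sample entries are constructed; it assumes one entry per line, that an account with no defaultpriv key gets the basic set, and that a negated proc_info (! or -) removes it wherever it appears in the list.

```shell
#!/bin/sh
# Constructed sample entries in user_attr(4) layout:
#   user:qualifier:res1:res2:attr   (attr is a ';'-separated key=value list)
SAMPLE_USER_ATTR='# constructed sample, not from a real system
xyz::::defaultpriv=basic,!proc_info
abc::::type=normal;defaultpriv=basic,-proc_info
ops::::type=normal
svc::::type=normal;defaultpriv=basic,!proc_session
'

# audit_proc_info: read user_attr lines on stdin, print "<user> kept|removed"
audit_proc_info() {
    awk -F: '
    # Skip comments, blank lines and anything without an attr field.
    /^[ \t]*#/ || NF < 5 { next }
    {
        kept = 1        # assumption: no defaultpriv key means the basic set
        negated = 0
        n = split($5, attr, ";")
        for (i = 1; i <= n; i++) {
            if (index(attr[i], "defaultpriv=") != 1) continue
            kept = 0    # explicit list: proc_info must be granted by it
            m = split(substr(attr[i], 13), priv, ",")
            for (j = 1; j <= m; j++) {
                p = priv[j]
                if (p == "!proc_info" || p == "-proc_info") negated = 1
                else if (p == "basic" || p == "all" || p == "proc_info") kept = 1
            }
        }
        print $1, ((kept && !negated) ? "kept" : "removed")
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_USER_ATTR" | audit_proc_info
```

On a real system, feed it /etc/user_attr on stdin instead of the sample.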
