How to prevent users form seeing other user processes with loginctl/systemctl ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

Is there a way to hide process information (pids, command line) and prevent one user accessing other user processes information. 

On a shared system this can be a potential security risk and I really do not like idea users inspecting each other's running processes.  
Here I have user bob accessing user alice process info but same can be done even to inspect root users processes 

systemd 247 (247.3-7+deb11u2)
Linux systemd-vps 5.10.0-23-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux

bob@systemd-vps:~$ loginctl user-status alice
alice (1002)
           Since: Sun 2023-06-04 08:37:18 UTC; 2min 39s ago
           State: active
        Sessions: *7
          Linger: no
            Unit: user-1002.slice
                  ├─session-7.scope
                  │ ├─1025 sshd: alice [priv]
                  │ ├─1046 sshd: alice@pts/1
                  │ ├─1047 -bash
                  │ ├─1305 bash myapp.sh
                  │ └─1306 sleep 5
                  └─user@1002.service
                    └─init.scope
                      ├─1028 /lib/systemd/systemd --user
                      └─1029 (sd-pam)



 bob@systemd-vps:~$ loginctl user-status root
root (0)
           Since: Sun 2023-06-04 09:43:03 UTC; 3min 45s ago
           State: active
        Sessions: 5 *1
          Linger: no
            Unit: user-0.slice
                  ├─session-1.scope
                  │ ├─740 sshd: root@pts/0
                  │ ├─765 -bash
                  │ ├─769 su - bob
                  │ ├─770 -bash
                  │ ├─877 loginctl user-status root
                  │ └─878 less
                  ├─session-5.scope
                  │ ├─820 sshd: root@pts/2
                  │ ├─826 -bash
                  │ └─872 sleep 100
                  └─user@0.service
                    └─init.scope
                      ├─747 /lib/systemd/systemd --user
                      └─748 (sd-pam)


Best regards,
Ante
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux