
I am in the process of creating a secured shared hosting service and, among the hosting features, I want to give SSH access.
I've already chrooted the users via SSH, FTP and PHP (using PHP-FPM), and would like to improve the hosting's security even more.
I want the users not to be able to see each other's processes, and I've already patched the kernel to do so (this way): it works in top and ps, but the PIDs are still visible in the chroot /proc directory:

-bash-4.1$ ls -l /proc
total 0
dr-x------  6     0     0               0 Jun 21 10:38 1
dr-x------  6     0     0               0 Jun 21 10:38 10
dr-x------  6     0     0               0 Jun 21 10:38 1006
dr-x------  6     0     0               0 Jun 21 10:38 1008
dr-x------  6     0     0               0 Jun 21 10:38 1009
dr-x------  6     0     0               0 Jun 21 10:38 1010
dr-x------  6     0     0               0 Jun 21 10:38 1011
dr-x------  6     0     0               0 Jun 21 10:38 1035

The patch linked before changes the /proc PID directory permissions, so that only the owner can read it (and of course, root), thus making it not visible in top.
I think I've already seen it somewhere, but couldn't find it anymore: is there a way to prevent other users from seeing directories not belonging to them? (Right now they can't access them, but I want to make them invisible! :P )

  • I was looking for a solution to this, and read about Linux ACL here: http://www.suse.de/~agruen/acl/linux-acls/online/#SECTION00040000000000000000 Still nothing about hiding though :( – Alessio Periloso Jun 21 '12 at 11:31

1 Answer


Hiding each user's processes from the other users is solvable by patching the kernel with the tpe-lkm patch, available here.
There are, in any case, even more features than just hiding processes, and all of them will be really useful to my setup! :)
Thanks to anyone who was interested in this but couldn't solve the problem... this could be one of the possible solutions! :P
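
One way to verify the state discussed above (PID directories that are listed in /proc but belong to another user), as an added example that is not part of the original question or answer. The function name `count_foreign_pids` and the `--audit` switch are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: audit which PID directories under a proc root are
# visible to the calling user although they belong to another UID.

# count_foreign_pids PROC_ROOT MY_UID   (hypothetical helper name)
# Prints "visible=<n> readable=<m>":
#   visible  = numeric entries that are listed but owned by a different UID
#   readable = subset of those whose contents can also be listed
count_foreign_pids() {
    proc_root=$1
    my_uid=$2
    visible=0
    readable=0
    for entry in "$proc_root"/*; do
        [ -d "$entry" ] || continue
        name=${entry##*/}
        # Keep only PID directories (all digits); skip self, sys, net, ...
        case $name in
            ''|*[!0-9]*) continue ;;
        esac
        # Numeric owner is the third field of `ls -ldn`
        owner=$(ls -ldn "$entry" | awk '{print $3}')
        [ "$owner" = "$my_uid" ] && continue
        visible=$((visible + 1))
        # Listed is not the same as accessible: test that separately
        if ls "$entry" >/dev/null 2>&1; then
            readable=$((readable + 1))
        fi
    done
    echo "visible=$visible readable=$readable"
}

# Stand-alone use: audit the real /proc as the current (unprivileged) user.
if [ "${1:-}" = "--audit" ]; then
    count_foreign_pids /proc "$(id -u)"
fi
```

Run with `--audit` as an unprivileged hosting user inside the chroot: a non-zero `visible` with `readable=0` is the situation shown in the listing, and `visible=0` means foreign PIDs are no longer listed at all.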