Why can ec2-user see root processes?

I was under the impression that, for security reasons, one user cannot see processes (and their respective command-lines) run by another user.

Why is it when I run top on a Linux 2 AMI I can see root's processes?

Gili

Posted 2019-09-06T19:18:51.540

Your impression is wrong. (Sorry, it's that simple.) Any user can see the list of running processes. It's a good question though - why does Linux have this behaviour? That I can't answer definitively - I'm guessing it's because the processes you run need to know their relationship to other processes and are kept in a single structure, so any process can parse that list? – davidgo – 2019-09-06T19:33:36.627

Answers

Per https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/ the default behavior of /proc allows any user to view all processes and command-lines:

hidepid=0 – The old behavior – anybody may read all world-readable /proc/PID/* files (default).

hidepid=1 – It means users may not access any /proc/PID/ directories but their own. Sensitive files like cmdline, sched*, status are now protected against other users.

hidepid=2 – It means hidepid=1 plus all /proc/PID/ will be invisible to other users. It complicates an intruder's task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc.

It should be possible to remount /proc with hidepid to solve this problem.

Type the following mount command:

# mount -o remount,rw,hidepid=2 /proc

Edit /etc/fstab, enter:

# vi /etc/fstab

Update/append/modify the proc entry as follows so that the protection gets enabled automatically at server boot time:

## append the following line ##
proc    /proc    proc    defaults,hidepid=2     0     0

Save and close the file.

Gili

Posted 2019-09-06T19:18:51.540
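An added audit helper, not part of the answer above: it reads the hidepid option from a /proc/mounts-style line (constructed sample lines are embedded) and tells you whether other users' /proc/PID directories are hidden, so you can verify the remount or fstab change actually took effect. The "invisible" spelling is the Linux 5.8+ alias for hidepid=2; everything else follows the answer's description of the three values.

```shell
#!/bin/sh
# Added example (not from the original answer): inspect the hidepid
# mount option of /proc and report what other users can see.

# hidepid_of LINE -> prints the hidepid value of a /proc/mounts line.
# Prints 0 when the option is absent (the kernel default described above).
hidepid_of() {
    line=$1
    set -- $line
    # /proc/mounts fields: device mountpoint fstype options dump pass
    [ "$3" = "proc" ] || { echo "not-proc"; return 1; }
    opts=$4
    val=0
    old_ifs=$IFS; IFS=,
    for o in $opts; do
        case $o in
            hidepid=*) val=${o#hidepid=} ;;
        esac
    done
    IFS=$old_ifs
    echo "$val"
}

# proc_pids_hidden VALUE -> exit 0 when other users' /proc/PID dirs are hidden.
proc_pids_hidden() {
    case $1 in
        2|invisible) return 0 ;;   # Linux 5.8+ also spells 2 as "invisible"
        *) return 1 ;;
    esac
}

# Constructed sample lines, formatted as /proc/mounts prints them.
SAMPLE_DEFAULT="proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0"
SAMPLE_HARDENED="proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0"

# audit_live -> prints the hidepid value of the running system's /proc,
# or "unknown" when /proc/mounts is not readable (e.g. not on Linux).
audit_live() {
    [ -r /proc/mounts ] || { echo "unknown"; return 0; }
    line=$(grep ' /proc proc ' /proc/mounts | head -n 1)
    [ -n "$line" ] || { echo "unknown"; return 0; }
    hidepid_of "$line"
}
```

Run `audit_live` before and after the remount: a result of 0 means `top` will keep listing root's processes for every user.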