to restrict a users to see others user process in solaris 10
exmaple:-
$ ps -aef
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 Sep 23 ? 0:07 sched
.......
gmb 1799 1795 0 22:17:28 pts/1 0:00 ps -aef
root 1789 181 1 22:17:19 ? 0:00 /usr/sbin/in.telnetd
root 1792 1789 1 22:17:19 pts/1 0:00 login -p -h 10.1.1.100 -d /dev/pts/1
solution:-
edit following file and un comment the following /etc/security/policy.conf file
vi /etc/security/policy.conf
PRIV_DEFAULT=basic,!proc_info --> uncomment
:wq!
now:
#su - murex
ps -aef
UID PID PPID C STIME TTY TIME CMD
murex 2201 2197 0 05:23:32 pts/1 0:00 ps -aef
murex 2197 1481 0 05:23:29 pts/1 0:00 -csh
Problem : now how can i dedicate previlege to specific user to see all process
# cat /etc/user_attr
user1::::project=user1proj;defaultpriv=basic
now:
#su - user1
$ps -aef
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 Jan 06 ? 0:19 sched
root 1 0 0 Jan 06 ? 0:52 /sbin/init
root 2 0 0 Jan 06 ? 0:00 pageout
root 3 0 0 Jan 06 ? 130:56 fsflush
root 7 1 0 Jan 06 ? 2:13 /lib/svc/bin/svc.startd
...
root 683 1 0 Jan 06 ? 0:00 /usr/lib/lp/local/lpsched
root 690 1 0 Jan 06 ? 126:56 /usr/sfw/sbin/snmpd
root 702 1 0 Jan 06 ? 0:00 /usr/lib/dmi/dmispd
root 717 1 0 Jan 06 ? 0:00 /opt/perf/bin/ttd
root 1458 1446 0 04:42:53 pts/1 0:00 -bash
No comments:
Post a Comment