Wednesday 30 March 2016

How to restrict a user from seeing other users' processes in Solaris 10


This post shows how to restrict users from seeing other users' processes in Solaris 10.

Example (before the change, the ordinary user gmb can see root's processes):
$ ps -aef
     UID   PID  PPID   C    STIME TTY         TIME CMD
    root     0     0   0   Sep 23 ?           0:07 sched
    .......
     gmb  1799  1795   0 22:17:28 pts/1       0:00 ps -aef
    root  1789   181   1 22:17:19 ?           0:00 /usr/sbin/in.telnetd
    root  1792  1789   1 22:17:19 pts/1       0:00 login -p -h 10.1.1.100 -d /dev/pts/1

Solution:

Edit the /etc/security/policy.conf file and uncomment the following line:

vi /etc/security/policy.conf
PRIV_DEFAULT=basic,!proc_info  --> uncomment

:wq!

Now:
# su - murex
 ps -aef
     UID   PID  PPID   C    STIME TTY         TIME CMD
   murex  2201  2197   0 05:23:32 pts/1       0:00 ps -aef
   murex  2197  1481   0 05:23:29 pts/1       0:00 -csh


Problem: how can I now give a specific user the privilege to see all processes? Set defaultpriv=basic for that user in /etc/user_attr:
# cat /etc/user_attr

user1::::project=user1proj;defaultpriv=basic

Now:

# su - user1
$ ps -aef
   UID   PID  PPID   C    STIME TTY         TIME CMD
    root     0     0   0   Jan 06 ?           0:19 sched
    root     1     0   0   Jan 06 ?           0:52 /sbin/init
    root     2     0   0   Jan 06 ?           0:00 pageout
    root     3     0   0   Jan 06 ?         130:56 fsflush
    root     7     1   0   Jan 06 ?           2:13 /lib/svc/bin/svc.startd
 ...
    root   683     1   0   Jan 06 ?           0:00 /usr/lib/lp/local/lpsched
    root   690     1   0   Jan 06 ?         126:56 /usr/sfw/sbin/snmpd
    root   702     1   0   Jan 06 ?           0:00 /usr/lib/dmi/dmispd
    root   717     1   0   Jan 06 ?           0:00 /opt/perf/bin/ttd
    root  1458  1446   0 04:42:53 pts/1       0:00 -bash
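
To check both settings without logging in as each account, the two files can be audited directly. The script below is an added example, not part of the original post: it reads a policy.conf and a user_attr file and reports which accounts keep proc_info. The function names and the constructed sample files (including the murex entry) are assumptions; on a real host, pass /etc/security/policy.conf and /etc/user_attr to report.

```sh
#!/bin/sh
# Added example: audit who keeps proc_info after the changes in this post.
# Only PRIV_DEFAULT and per-user defaultpriv are checked, the two settings used above.

# Effective PRIV_DEFAULT from a policy.conf-style file; commented lines are
# ignored and "basic" is assumed when the key is unset.
priv_default() {
    val=$(sed -n 's/^[[:space:]]*PRIV_DEFAULT=//p' "$1" | tail -1)
    echo "${val:-basic}"
}

# Succeeds if a privilege spec still includes proc_info (part of the basic set).
grants_proc_info() {
    case ",$1," in
        *',!proc_info,'*|*',-proc_info,'*) return 1 ;;
        *,basic,*|*,all,*|*,proc_info,*) return 0 ;;
    esac
    return 1
}

# Users whose user_attr entry sets a defaultpriv that includes proc_info.
proc_info_users() {
    awk -F: '!/^#/ && NF >= 5 {
        n = split($5, kv, ";")
        for (i = 1; i <= n; i++)
            if (kv[i] ~ /^defaultpriv=/) { sub(/^defaultpriv=/, "", kv[i]); print $1, kv[i] }
    }' "$1" |
    while read -r user spec; do
        if grants_proc_info "$spec"; then echo "$user"; fi
    done
}

report() {
    def=$(priv_default "$1")
    if grants_proc_info "$def"; then
        echo "default ($def): every user can see all processes"
    else
        echo "default ($def): users see only their own processes"
    fi
    for u in $(proc_info_users "$2"); do echo "exception: $u sees all processes"; done
}

# Constructed sample files (temporary copies, not the live system files).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#PRIV_DEFAULT=basic' 'PRIV_DEFAULT=basic,!proc_info' > "$demo/policy.conf"
printf '%s\n' 'user1::::project=user1proj;defaultpriv=basic' \
    'murex::::project=murexproj' > "$demo/user_attr"
report "$demo/policy.conf" "$demo/user_attr"
```

Privileges granted through rights profiles are not covered by this check.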
