Skip to content


How to hide processes from other users in Linux’s “top”

A few months ago, I had to set up a server where a bunch of people would need to connect to directly access a MariaDB SQL database, with also an SSH access for tunneling. A few users would also use that server for other purposes, and I didn’t want everyone to view everyone else’s processes, which to my surprise was possible by default (if any user runs top, they can see everyone’s running processes :s).

Starting with Linux kernel version 3.2, a setting was (finally) added to prevent unprivileged users from seeing each others’ processes. Basically, you need to set the hidepid option to 2 for the /proc filesystem:

nano /etc/fstab
– Find the line starting with “proc”
– Add hidepid=2 to the options

For instance, the line:

proc            /proc   proc    defaults      0       0

Becomes

proc            /proc   proc    defaults,hidepid=2      0       0

Then don’t forget to save and restart

Note that sometimes the proc line can be missing (I have this case on a VPS), I’m not sure what should be done then… Maybe adding the proc line as quoted above would work (?)

Update (2018-09-10)

I just had the case of the missing proc line in a recent install of Kubuntu 18.04 on a new PC (which used UUID= as a way to name devices in there), and adding the proc line, as mentioned in this old Red Hat ticket, did work. Here’s my full /etc/fstab file, for illustration purpose:

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#                
# / was on /dev/sda2 during installation
UUID=7d74ab46-7af7-4f19-8063-89cb86870a83 /               ext4    errors=remoun$
# /boot/efi was on /dev/sda1 during installation
UUID=DB49-AA98  /boot/efi       vfat    umask=0077      0       1
/swapfile                                 none            swap    sw           $
proc            /proc   proc    defaults,hidepid=2      0       0

Posted in Linux, servers.


0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.

Please solve the CAPTCHA below in order to fight spamWordPress CAPTCHA