A few months ago, I had to set up a server where a bunch of people would need to connect to directly access a MariaDB SQL database, with also an SSH access for tunneling. A few users would also use that server for other purposes, and I didn’t want everyone to view everyone else’s processes, which to my surprise was possible by default (if any user runs top, they can see everyone’s running processes :s).
Starting with Linux kernel version 3.2, a setting was (finally) added to prevent unprivileged users from seeing each other’s processes. Basically, you need to set the hidepid option to 2 for the /proc filesystem:
– nano /etc/fstab
– Find the line starting with “proc”
– Add hidepid=2 to the options
For instance, the line:
proc /proc proc defaults 0 0
becomes:
proc /proc proc defaults,hidepid=2 0 0
Then don’t forget to save and restart.
Note that sometimes the proc line can be missing (I have this case on a VPS); I’m not sure what should be done then… Maybe adding the proc line as quoted above would work (?)
Update (2018-09-10)
I just had the case of the missing proc line in a recent install of Kubuntu 18.04 on a new PC (which used UUID= as a way to name devices in there), and adding the proc line, as mentioned in this old Red Hat ticket, did work. Here’s my full /etc/fstab file, for illustration purposes:
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
## / was on /dev/sda2 during installation
UUID=7d74ab46-7af7-4f19-8063-89cb86870a83 / ext4 errors=remoun$
# /boot/efi was on /dev/sda1 during installation
UUID=DB49-AA98 /boot/efi vfat umask=0077 0 1
/swapfile none swap sw $
proc /proc proc defaults,hidepid=2 0 0
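As an added example (not from the original post), here is a small shell script covering both fstab situations described above, an existing proc line and a missing one, plus a check of what the running kernel actually reports for /proc. Both functions take a file path argument so they can be tried on copies first; the function names and the "invisible" spelling for newer kernels are my additions.

```shell
#!/bin/sh
# Helpers for the hidepid=2 change: edit an fstab copy, then verify the live mount.
set -eu

# add_hidepid FILE: print FILE (fstab format) with hidepid=2 on its proc entry.
# An existing proc line gets hidepid=2 in its options (a previous hidepid=N is
# replaced); if no proc line exists (the VPS / Kubuntu case) one is appended.
# Note: awk rebuilds the edited line with single spaces between fields.
add_hidepid() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { print; next }   # comments and blank lines untouched
    $3 == "proc" {
      found = 1
      n = split($4, o, ",")
      opts = ""; seen = 0
      for (i = 1; i <= n; i++) {
        if (o[i] ~ /^hidepid=/) { o[i] = "hidepid=2"; seen = 1 }
        opts = opts (i > 1 ? "," : "") o[i]
      }
      if (!seen) opts = opts ",hidepid=2"
      $4 = opts
      print; next
    }
    { print }
    END { if (!found) print "proc /proc proc defaults,hidepid=2 0 0" }
  ' "$1"
}

# mount_hidepid [MOUNTS]: print the hidepid value the kernel reports for the
# /proc mount (default source: /proc/mounts), "none" if /proc is mounted
# without it, or "unmounted" if no /proc entry is present at all.
mount_hidepid() {
  awk '
    $2 == "/proc" && $3 == "proc" {
      found = 1; v = "none"
      n = split($4, o, ",")
      for (i = 1; i <= n; i++) if (o[i] ~ /^hidepid=/) v = substr(o[i], 9)
      exit
    }
    END { print (found ? v : "unmounted") }
  ' "${1:-/proc/mounts}"
}

# hidepid_enabled [MOUNTS]: succeed only if other users' processes are hidden.
# Kernels from 5.8 on report the value as a word; "invisible" is the same as 2.
hidepid_enabled() {
  case "$(mount_hidepid "${1:-/proc/mounts}")" in
    2|invisible) return 0 ;;
    *) return 1 ;;
  esac
}
# Usage: add_hidepid /etc/fstab > /tmp/fstab.new && diff /etc/fstab /tmp/fstab.new
```

After installing the new file, the option can also be applied immediately with mount -o remount,hidepid=2 /proc, and hidepid_enabled confirms it before and after a reboot.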