[classic-discuss] Question about "top" on TCS 2.0U1
Jaakko Heinonen
jh at tinysofa.org
Thu Jun 30 05:00:43 UTC 2005
Hi,
On Wed, Jun 29, 2005 at 21:37:26 +0200, Dominik Schips wrote:
> Now I noticed that if I use top as normal user, I can only see my own
> processes.
> Is this a "new" feature?
Yes, it's a grsecurity feature. (You have only grsecurity role based
access control disabled. There are also other grsecurity features.)
Here is the documentation of the relevant kernel config options:
onfig GRKERNSEC_PROC
bool "Proc restrictions"
help
If you say Y here, the permissions of the /proc filesystem
will be altered to enhance system security and privacy. You MUST
choose either a user only restriction or a user and group restriction.
Depending upon the option you choose, you can either restrict users to
see only the processes they themselves run, or choose a group that can
view all processes and files normally restricted to root if you choose
the "restrict to user only" option. NOTE: If you're running identd as
a non-root user, you will have to run it as the group you specify here.
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
depends on GRKERNSEC_PROC
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
and viewing kernel symbol and module information.
--
Jaakko
More information about the Classic-discuss
mailing list