Ivan Tomica

Hide other users' processes on Linux

By default, proc is mounted in a way that lets any account on the system inspect other users' processes. This can be a security risk if an attacker gets hold of one of the accounts on the machine, since they can freely inspect processes and gather information that they perhaps shouldn’t have.

To restrict access, we can add the hidepid mount option to /etc/fstab:

proc        /proc   proc    defaults,hidepid=2    0 0

To remount the currently mounted /proc you can use:

mount -o remount,rw,hidepid=2 /proc

But what if you need to allow specific users to access all PIDs on the system? A-ha! There’s also the gid mount option, which allows users that are members of this group to access all PIDs. It takes a numerical group ID or simply a group name as its argument. For example:

gid=sudo
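
To check that the options described above are actually in effect, the following added example (not part of the original post) parses a mounts table and reports hidepid and gid for every proc mount. The function names and the sample lines are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: audit proc mounts for the hidepid= and gid= options.

# proc_hidepid_report [FILE]
#   FILE uses the /proc/self/mounts layout (device mountpoint fstype options
#   dump pass); "-" or no argument reads standard input.
#   Prints "<mountpoint> hidepid=<value> gid=<value>" for every proc mount.
#   Returns 0 only if at least one proc mount exists and all of them use
#   hidepid=2 (listed as "invisible" by newer kernels).
proc_hidepid_report() {
    awk '
    $3 == "proc" {
        hide = "0"; gid = "-"      # values reported when the option is absent
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^hidepid=/)  hide = substr(opt[i], 9)
            else if (opt[i] ~ /^gid=/) gid  = substr(opt[i], 5)
        }
        printf "%s hidepid=%s gid=%s\n", $2, hide, gid
        if (hide != "2" && hide != "invisible") weak = 1
        seen = 1
    }
    END { if (seen && !weak) exit 0; exit 1 }
    ' "${1:--}"
}

# Constructed sample (not from a real host); gid=27 is a made-up group id.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=27 0 0
proc /srv/jail/proc proc rw,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

sample_mounts | proc_hidepid_report - ||
    echo "at least one proc mount does not use hidepid=2"
```

On a live system, run proc_hidepid_report /proc/self/mounts instead of feeding it the sample.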
