restrict TOP command to a particular user

user · May 5, 2009, 4:51pm

Hello folks,

My question is regarding administration.

Generally, the TOP command gives the number of processes running on the system by users. One can select a particular user by giving option “u”.

How can the user be prevented from viewing other’s processes running on the system? What I mean is that the “u” option doesn’t work and only the root can use that.

microchip8 · May 5, 2009, 4:55pm

I don’t quite get your question. Are you saying that -u does not work for normal users when ran with normal priviledges? top -u <unername> works here under normal user priviledge

ken_yap · May 5, 2009, 5:00pm

Just curious, why do you want to do this? Generally the names of the other processes on the system are not secrets. If not top, there are other ways for users to get this information.

microchip8 · May 5, 2009, 5:06pm

yes, there are other ways of finding out processes (ps and such). To add further, top supports configuration files but I’m not sure if one can restrict users by adding something to the config file. The OP may need to consult the man page of top for that

Monex · May 5, 2009, 6:33pm

Hi,

I’ve read about a kernel patch which can prevent this behavior called grsecurity but you have to recompile the kernel and it is only available for kernel version <= 2.6.24.4.

Have a lot of fun

Akoellh · May 5, 2009, 8:44pm

Maybe the process “keylogger.bin” should be a secret on that machine.

scnr

user · May 6, 2009, 2:32pm

Here is the reason for my question…

With “top -u myself”, I can only see my jobs running on the local machine. If I try “top -u other_user (even root)” , I see no process running. This is not possible as there will always be root processes running. The same thing is with “ps”. On the other hand if I try “finger”, I can see others who have logged in to my machine.

So, I want to know how one can put such a restriction on ordinary user account.

cjtj

FeatherMonkey · May 6, 2009, 2:48pm

I think you need to be looking around profiles and aliases as for the specifics can’t really help, perhaps it is feasible to lock ~/.bashrc down but

an alias like
top -u $USER

will work as for implementing and stopping someone overruling it. Not sure, I would thought something around profile would but have little knowledge about that.

user · May 7, 2009, 11:54am

Hi Monex,

I talked to our system administrator and he gave the same answer as yous.

Thank you very much…

cjtj