HPE Community
Operating System - HP-UX
1836582 Members
1362 Online
110102 Solutions
New Discussion

ps -ef

 
richard barr
Occasional Contributor

‎02-08-2001 08:22 AM

‎02-08-2001 08:22 AM

ps -ef

What change can I make on a HP-9000 sever running OS 10.20 that will only allow users to see their own process when doing a ps -ef command. I do not wish general users to have access to see all processes system or other users.

R-
UNIX System Administrator
0 Kudos
Reply
3 REPLIES 3
Rita C Workman
Honored Contributor

‎02-08-2001 08:42 AM

‎02-08-2001 08:42 AM

Re: ps -ef

So many ways to answer this...here's just one:

You could set up a small script in their .profile that runs as soon as they login and gives them options to choose what you want to allow them do to...within the script when they select the ps -ef option it would grep and only extract their jobs...

/rcw
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎02-08-2001 02:10 PM

‎02-08-2001 02:10 PM

Re: ps -ef

Richard:

Here's one way [if you can take (and keep)control of the user's profile].

Add to the user's profile at the end, the following:

# function ps
# {
# if [ $# -eq 0 ]
# then
# command ps
# else
# command ps $@|grep $LOGNAME
# fi
# }

This will allow the user to do the 'ps' command with or without options but will show only processes associated with him/her.

...JRF...
0 Kudos
Reply
Wodisch
Honored Contributor

‎02-10-2001 01:23 PM

‎02-10-2001 01:23 PM

Re: ps -ef

Hello Richard,

just move the "ps" codefile aside to something like
"/usr/bin/ps2" and change group to a new group
like "psgrp". Then change permissions to make it
executable only for that group, i.e. "chmod 710 ps2".
Now create a shell-script in the place of the old "ps",
permissions "2551", i.e. SGID and owned by group
"psgrp" and a content like that:

#!/usr/bin/sh
usage() {
echo "illegal parameter: -u|-e are not allowed" >&2
exit 1;
}
args=""
while [ $# -gt 0 ]; do
case "$1" in
-*e*| -*u*) usage ;;
-*| *) args="$args $1" ;;
esac
shift
done
/usr/bin/ps2 -u $(logname) $args
# end of script

It is not bullet proof but should give you an idea ;-)
The only "dangerous" options would be "-e" (each
process) and "-u username", the rest is ok. And call
it with "-u $(logname)" to make shure your user is
able to see his/her own processes in different sessions!

HTH,
Wodisch
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.