HPE Community
Operating System - HP-UX
1832751 Members
2823 Online
110045 Solutions
New Discussion

Suppress ps -ef command line args

 
Purusa
Frequent Advisor

‎04-23-2006 10:38 PM

‎04-23-2006 10:38 PM

Suppress ps -ef command line args

Hi,

Guys I have been coming back to you after a long gap.
The issue I am currently facing is as follows:

Process A is talking to Process B. A invokes B(executable) by providing some arguments. Process A is a unix script. Now, if I do "ps -ef" during communication between 2 processes, I can see the command line arguments being passed by A to B.

I need to hide these arguments from the user. Let me know if there is a workaround to suppress these arguments from appearing in the output of ps -ef or any command.

Thanks & Regards,
Pankaj
A deep chasm can't be crossed in two steps
0 Kudos
Reply
6 REPLIES 6
Pete Randall
Outstanding Contributor

‎04-23-2006 10:41 PM

‎04-23-2006 10:41 PM

Re: Suppress ps -ef command line args

Could Process A output the arguments to a file that would then be read by Process B?


Pete

Pete
0 Kudos
Reply
Peter Godron
Honored Contributor

‎04-23-2006 10:44 PM

‎04-23-2006 10:44 PM

Re: Suppress ps -ef command line args

Pankaj,
use a file for process A to wtite the parameters, then let process B read that file.
0 Kudos
Reply
Purusa
Frequent Advisor

‎04-23-2006 10:47 PM

‎04-23-2006 10:47 PM

Re: Suppress ps -ef command line args

Hi Pete/Peter,

Thanks for your response.

That seems to be a good option, however I have some constraints regarding executable B. It is presently reading the parameters from command line and I can't change its design.

Waiting for something more on this...

Thanks and regards,
Pankaj

A deep chasm can't be crossed in two steps
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎04-23-2006 11:09 PM

‎04-23-2006 11:09 PM

Re: Suppress ps -ef command line args

There is no way to change the behavior of ps -- it will report the up to 60 characters (longer if -x is used) from the command line. The only solution is to create a wrapper, a short script that is named ps and parses the output to rfemove the arguments. This could get quite complicated if options like -H and -o are invoked by the user. If the target script/program requires secured parameters, it should be a priority to rewrite the code to accept the values from a file.


Bill Hassell, sysadmin
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

‎04-24-2006 01:50 AM

‎04-24-2006 01:50 AM

Re: Suppress ps -ef command line args

This would be my suggestion.

Create a new user, named for example ps.

Create a new group for this user, called for example ps.

Now you get a user named ps in a group named ps.

Change the owner and permissions of the ps command:

chmod 550 /bin/ps
chown ps:ps /bin/ps

Add the users that you want to normally use ps in the "ps" group.

Install sudo.

Create a script that runs the ps command with the output filtered/modified. Call this script /bin/secps

Configure your sudoers file to allow the execution of the secps command as user "ps". Using sudo, disallow the use of parameters for that command, like this:

USERLIST ALL = (ps) NOPASSWD: /bin/secps

Then the users only can run the command with sudo.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Greg Vaidman
Respected Contributor

‎04-24-2006 04:55 AM

‎04-24-2006 04:55 AM

Re: Suppress ps -ef command line args

Try the process described here: http://www.uaex.edu/srea/#Hiding_Passwords_From_UNIX_ps_Command

You'll have to rename your "B" to "B.hide", compile the C program, and name the new program "B".

The original purpose of the program was to hide passwords passed on the command-line when calling Oracle sqplus commands, but it should work with any program.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.