FreeBSD Prevent Users From Seeing Information About Processes Owned by Other Users

Last updated June 3, 2009

Many commands accept usernames and passwords on the command line, and ps, top, sockstat and many other commands can display this information to all users on the system. How do I prevent users from seeing information about processes that are running under another UID, to avoid information leakage on FreeBSD operating systems?

FreeBSD has a built-in security measure that stops users from seeing processes run by other users (UIDs), to avoid information leakage (snooping). The MIBs security.bsd.see_other_uids and security.bsd.see_other_gids need to be set to zero (0) via sysctl to enable this security feature. Type the following commands to enable this feature on boot:
# echo 'security.bsd.see_other_uids=0' >> /etc/sysctl.conf
# echo 'security.bsd.see_other_gids=0' >> /etc/sysctl.conf

To turn it on immediately, enter:
# sysctl security.bsd.see_other_uids=0
# sysctl security.bsd.see_other_gids=0

Now normal users cannot see what other people or groups are running on the system. This also applies to all jailed systems.
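
The two steps above can be made repeatable. The following is an added example, not part of the original article: it persists both MIBs without the duplicate or conflicting lines that repeated `echo ... >>` runs leave behind, then audits the file. The function names and the `apply` argument are illustrative, and it assumes entries in /etc/sysctl.conf are applied in file order, so the last assignment wins.

```shell
#!/bin/sh
# Added example: idempotent persistence and audit of the article's two MIBs.
KEYS="security.bsd.see_other_uids security.bsd.see_other_gids"

# Print the value of the last assignment to key $1 in file $2 (empty if none).
# Comments and whitespace are ignored; assumes the last assignment wins.
conf_value() {
    awk -v key="$1" '
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }
    ' "$2"
}

# Set key $1 to value $2 in file $3: drop existing assignments, append one.
# Unrelated lines and commented-out entries are left untouched.
persist_sysctl() {
    tmp=$(mktemp) || return 1
    if [ -f "$3" ]; then
        awk -v key="$1" '
            { line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line) }
            index(line, key "=") != 1 { print }
        ' "$3" > "$tmp"
    fi
    printf '%s=%s\n' "$1" "$2" >> "$tmp"
    cat "$tmp" > "$3" && rm -f "$tmp"   # cat keeps the file's owner and mode
}

# Return 0 only if every key in KEYS is persisted as 0 in file $1.
audit_conf() {
    rc=0
    for k in $KEYS; do
        v=$(conf_value "$k" "$1")
        if [ "$v" != "0" ]; then
            echo "NOT HARDENED: $k=${v:-unset} in $1"
            rc=1
        fi
    done
    return $rc
}

# As root on FreeBSD: sh script.sh apply   (persist, set at runtime, audit)
if [ "${1:-}" = "apply" ]; then
    conf=${CONF:-/etc/sysctl.conf}
    for k in $KEYS; do persist_sysctl "$k" 0 "$conf" && sysctl "$k=0"; done
    audit_conf "$conf"
fi
```
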

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.

9 comments

  1. Hi Vivek,

    I have downloaded the latest .rpm and installed it on my test CentOS 5.3 (i386) system. Will you please let me know what to do next to get the expected functionality? Thanks.

  2. This should be saying:

    # echo 'security.bsd.see_other_uids=0' >> /etc/sysctl.conf
    # echo 'security.bsd.see_other_gids=0' >> /etc/sysctl.conf

    and not /etc/rc.conf
