Linux hide processes from other users and ps command

I run a multi-user system. Most users access resources using SSH client. How can I stop leaking process information to all users on Linux operating systems? How do I prevent users from seeing processes that do not belong to them on a Debian/Ubuntu/RHEL/CentOS Linux server? Is there any way to hide other users process when running ps command?

If you are using Linux kernel version 3.2+ (or RHEL/CentOS v6.5+ above) you can hide process from other users. Only root can see all process and user only see their own process. All you have to do is remount the /proc filesystem with the Linux kernel hardening hidepid option. This hides process from all other commands such as ps, top, htop, pgrep and more.
Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements Linux kernel v3.2+
Est. reading time 3 minutes

Linux hide processes from other users using hidepid option

This option defines how much info about processes we want to be available for non-owners. The values are as follows:

  1. hidepid=0 – The old behavior – anybody may read all world-readable /proc/PID/* files (default).
  2. hidepid=1 – It means users may not access any /proc/<pid>/ directories, but their own. Sensitive files like cmdline, sched*, status are now protected against other users.
  3. hidepid=2 It means hidepid=1 plus all /proc/PID/ will be invisible to other users. It compicates intruder’s task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc.

Get the list of current processes on Linux

ps aux

The ps command displaying the root user process and I am logged in as a regular user

Linux kernel protection: Hiding processes from other users

Type the following mount command:
# mount -o remount,rw,nosuid,nodev,noexec,relatime,hidepid=2 /proc
Edit /etc/fstab using a text editor such as nano command/vim command, enter:
# vi /etc/fstab
Update/append/modify proc entry as follows so that protection get enabled automatically at server boot-time:

## append the following line ##
proc    /proc    proc    defaults,nosuid,nodev,noexec,relatime,hidepid=2     0     0

Save and close the file. Where security mount options are as follows:

  • nosuid : Do not allow set-user-ID or set-group-ID bits to take effect.
  • nodev : Do not interpret character or block special devices on the file system.
  • noexec : Do not permit direct execution of any binaries on the mounted filesystem.
  • hidepid: Option defines how much info about processes hidden.

Linux demo: Prevent users from seeing processes that do not belong to them

In this example, I’m login as vivek@cbz-test:
$ ssh vivek@cbz-test
$ ps -ef
$ sudo -s
# mount -o remount,rw,hidepid=2 /proc
$ ps -ef
$ top
$ htop

Sample outputs:

Animated gif 01: hidepid in action

Tip: Dealing with apps that breaks when you implement this technique

You need to use gid=VALUE_HERE option:

gid=XXX defines a group that will be able to gather all processes’ info (as in hidepid=0 mode). This group should be used instead of putting nonroot user in sudoers file or something. However, untrusted users (like daemons, etc.) which are not supposed to monitor the tasks in the whole system should not be added to the group.

So add the user called monapp to group (say admin) that want to see process information and mount /proc as follows in /etc/fstab:

proc /proc proc defaults,hidepid=2,gid=admin 0 0 

Now you know how to hide Linux processes from other users and commands like ps, top, htop and others. For more information see the following URLs:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 11 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
11 comments… add one
  • Deny Dias Aug 21, 2014 @ 21:46

    Hi! Thanks for the tip.

    But the thing that really amazes me in your terminal tips is how you present these gif with recorded terminal sessions. How you do that?

    Best, Deny.

  • Fabio Schmidt Aug 25, 2014 @ 12:48

    Hi ! Firstly, congratulations for this outstanding tutorial, thanks for sharing !

    If you could tell how you recorded the gif with your terminal session I would really appreciate !

  • anon Aug 27, 2014 @ 5:22

    Here’s one way to generate a gif from a terminal session:

  • Deny Dias Aug 27, 2014 @ 9:57

    Hi, anon!

    Thanks for the tip. ttyrec and tty2gif are the ones I actually use today.

    But the one we see here is kinda different. It shows a timer and nice cursor click warning circle that ttyrec/tty2gif doesn’t feature.

    It appears to be a conventional screen recorder (X session, not tty related) set to record a specific area. I made some research on this matter and I could not find any screen recorder for Linux that features what we see on this gif above. I use SimpleScreenRecorder myself, but it definitively don’t have these two nice bells.

    I would love to know what is the one used by Nix Craft, but they seem not willing to answer this…

    Anyway, thank you very much.

    • Noob Oct 28, 2014 @ 15:41

      They are using virtual machine on a mac host.
      Recorded using quicktime then converted to gif using ffmpeg.

  • George Aug 28, 2014 @ 10:42

    The tool is LICEcap

  • Deny Dias Aug 29, 2014 @ 13:51

    Thank you very much, George!

    Too bad LICEcap is a Windows/OS X only app though. No donuts for me or anyone under Linux/BSD. :(

  • test2 Sep 9, 2014 @ 9:13

    1) Try to using cgroup !

    E.g. creating lxc-container for each user, similar to shared hosting, but virtual machines. Users will log-in to separate virtual machine cgroup-based, LXC. They will n’t able to read each others pids, and moreover they will have each own init(process) and all enviroment too.

    2) Look at grsecurity solution, there is pack of patches, in this pack such solution like hide pids / processes infromation from other users is a light trick compare to other great hardening of linux kernel.

    Anyway, your solution is better, looks like it is becoming native to Linux. Thanx!


  • Marcor Dec 15, 2014 @ 15:41

    top -u $USER

  • Alex Oct 29, 2015 @ 7:13

    Everything is good with “hidepid”, but…

    ls -la /run/*.pid

    will disclose processes PIDs inside on those files

    FreeBSD is much smarter in this case, it sets appropriate permissions on pid files inside of /var/run automatically and doesn’t have /proc directory by default at all
    and hiding processes from non-owners is simply as

    sysctl security.bsd.see_other_uids=0
    sysctl security.bsd.see_other_gids=0
  • Tran Dec 7, 2017 @ 1:32

    Thank for the great sharing.
    I have only 1 concern.
    I logged in by ssh and there 1 sshd process belonging to me.
    However I can find it by ps or top command.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum