:: Re: [DNG] Another multi-user issue
Top Pagina
Delete this message
Reply to this message
Auteur: Rainer Weikusat
Datum:  
Aan: dng
Onderwerp: Re: [DNG] Another multi-user issue
"Jack L. Frost" <fbt@???> writes:
> On Sun, Apr 03, 2016 at 08:17:32PM -0400, Boruch Baum wrote:
>> Please consider setting the default /etc/fstab to include:
>>
>> proc            /proc           proc    defaults,hidepid=2

>>
>> This has the effect of keeping the specific activities, process ids,
>> command lines and parameters of a user from other users.
>
> I've been using hidepid=2 as a default in my toy distro and haven't found a
> usecase where that would be a bad default. So unless there are common enough
> usecases where users need to see others' processes, I agree.


Since this is an argument for changing the default behaviour, there
ought to be some "common enough" use cases where that would be
beneficial. Eg, why should daemon processes running on a machine used by
a single person, say, the proverbial "clueless newbie", be forcibly
hidden from the owner of the computer unless he happens to be running as
root?

The 'common use case' where the default behaviour is useful would still
be a system with one physical user running processes supposed to be
various useful tasks using a variety of different user IDs. Eg, the web
server I'm using to get files onto iOS devices runs as www-data, the DNS
resolver as bind, the program getting my e-mails as fetchmail, the
timekeeping daemon as ntp, the line printer daemon as daemon and all
kernel threads runs as root. In case something "seems wrong", eg, the
system starts to behave sluggishly, I can do a quick check of the status
of everything without doing an uid change first. I can check if I
started the mail downloader at all with a mere ps faux or pgrep
fetchmail. Kernel threads using enormous amounts of CPU time are visible
to me without running top as root. etc