I have a FreeBSD Server that is running cPanel. When I create a new user account in WHM and give it shell access, I am able to view all the processes running when entering "TOP". I can also go and view any file/directory located on the server outside the user's home directory.
Will somebody please tell me what I need to do to keep the user from being able to go outside their directory and how to only display the processes running off their userid? I don't want them to be able to see the list of processes running on the entire server.
Thanks in advance.
davidb
07-24-2003, 04:02 PM
Disable shell access. They don't run processes so that's pretty much outta the question.
The problem is that many of the users have been using SSH for the past couple years and would be angry if they cannot use it. I am only enabling it for certain users but there should still be a way to keep them from being able to view the entire list of processes.
Hi,
The users can be blocked from going outside their home folder by setting the permission of the home folder to 700.
FreeBSD normally shares the home folder as in Debian. (Actually it will be asked while installing the OS.)
Then about top showing the user processes. There is no option for top to stop it from showing the users' processes. But it is not a problem that other users can see the process details. They are not permitted to modify them. If you really need to block the users from getting the information about the processes, you may move /usr/bin/top to /usr/sbin/top so that only the superuser can use it.
Starhost
07-24-2003, 04:42 PM
Originally posted by psk
Then about top showing the user processes. There is no option for top to stop it from showing the users' processes. But it is not a problem that other users can see the process details. They are not permitted to modify them. If you really need to block the users from getting the information about the processes, you may move /usr/bin/top to /usr/sbin/top so that only the superuser can use it.
I guess you didn't do any investigation about that ;).
Cause with the option:
sysctl kern.ps_showallprocs=0
You can prevent users from seeing processes other than their own. You can set this option in /etc/sysctl.conf
Cause with the option:
sysctl kern.ps_showallprocs=0
You can prevent users from seeing processes other than their own. You can set this option in /etc/sysctl.conf
THANK YOU Starhost! :)
I will try it out and see how it goes.
Starhost
07-24-2003, 04:58 PM
1 more remark. The command to execute through the command line is:
sysctl kern.ps_showallprocs=0
And the line to put in your /etc/sysctl.conf is:
kern.ps_showallprocs=0
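
The two measures from this thread (home directories at mode 700, and kern.ps_showallprocs=0 persisted in /etc/sysctl.conf) can be checked and applied with a small script. This is an added example, not code posted by anyone in the thread; the function names and the sample paths in the comments are assumptions. On FreeBSD 5.0 and later the equivalent knob is security.bsd.see_other_uids.

```shell
#!/bin/sh
# Added example: audit and persist the two settings discussed in the thread.
# Function names are hypothetical; run as root on the FreeBSD host.

# Print every home directory under $1 that group or other can still access.
# A directory at mode 700 shows as "drwx------" and is not reported.
loose_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        mode=$(ls -ld "$d" | cut -c1-10)
        case "$mode" in
            d???------) ;;                               # owner-only: fine
            *) printf '%s %s\n' "${d%/}" "$mode" ;;      # needs chmod 700
        esac
    done
}

# Set key=value in a sysctl.conf-style file exactly once: any existing
# assignment of the same key is dropped, all other lines (comments, other
# keys) are kept, and the new assignment is appended.
set_sysctl_conf() {
    conf=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    if [ -f "$conf" ]; then
        awk -F= -v k="$key" \
            '{ n = $1; gsub(/[ \t]/, "", n); if (n != k) print }' \
            "$conf" > "$tmp"
    fi
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"    # keeps the file's own permissions
}

# Report the value currently active in the running kernel, or "unavailable"
# when this kernel does not have the OID.
runtime_value() {
    sysctl -n "$1" 2>/dev/null || echo "unavailable"
}

# Typical use on the server (paths are the usual ones, adjust as needed):
#   loose_homes /home
#   set_sysctl_conf /etc/sysctl.conf kern.ps_showallprocs 0
#   sysctl kern.ps_showallprocs=0
#   runtime_value kern.ps_showallprocs
```
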