August 25, 2005
Seeing all processes
'ps' is, as I'm sure you all know, a very useful command. 'ps' stands for 'process status' and it gives you information on running processes, and has almost as many options as ls. My standard ps bash alias is :alias ps='ps -afuxww'This shows all (-a) processes, swapped (-f, but only as root) processes, lots of information (-u), include "headless" apps, like daemons and the like (-x), and do it as wide as you can get (-w says 132 columns, -ww says use it as wide as you need). Turns out, there are a couple of sysctl options that make ps more secure by not allowing "normal" users to show everything that is running. One of them is mentioned in the man page, security.bsd.see_other_uids (see the entry for the -a option). Kevin on the freebsd questions mailing list gives a cool little demo for setting and unsetting it from the commandline:
# sysctl -a | grep other_uid
security.bsd.see_other_uids: 1
# sudo sysctl security.bsd.see_other_uids=0
security.bsd.see_other_uids: 1 -> 0
# sysctl -a | grep other_uid
security.bsd.see_other_uids: 0
# sudo sysctl security.bsd.see_other_uids=1
security.bsd.see_other_uids: 0 -> 1
# sysctl -a | grep other_uid
security.bsd.see_other_uids: 1
But that's a 5.x option. The 4.x option is kern.ps_showallprocs - pretty straight forward name there. And to set this so that it gets correctly set every boot time, you put it in the /etc/sysctl.conf file:
kern.ps_showallprocs=1ps (5.x)
ps (4.x)
del.icio.us | Digg it | Furl | Yahoo MyWeb | Create Social Bookmark Links
Posted by jdarnold at 09:25 AM | TrackBack
Track with co.mments
Track with co.mments 
