
If you administer a multi-user Linux server or system, all users, including ordinary users, can see the processes run by other users, including root and system processes. This is the default behavior of a Linux server. On a critical server, we might want to hide processes from normal users.

This default is not good for security: every user can see all the processes, both those of other users and those owned by the “root” user.

You might want to know how to hide Linux processes from normal users, especially how to hide processes run by root from ordinary users.

How to Hide Processes from Normal Users

When you look in /proc you will discover a lot of files and directories. Many of the directories have purely numeric names; each one holds the information about the process with that process ID (PID).

By default, Linux systems are deployed so that all local users can see all of this information. This includes process information from other users, which may contain sensitive details that you do not want to share with other users. By applying some file system configuration tweaks, we can change this behavior and improve the security of the system.

If you’re running a recent kernel (version 3.2 or higher), you can hide the Linux processes of other users by mounting the /proc filesystem with the new hidepid option.

Understanding /proc

The proc filesystem is a pseudo-filesystem which provides an interface to kernel data structures. It is commonly mounted at /proc. Typically, it is mounted automatically by the system, but it can also be mounted manually using a mount command.

Most of the files in the proc filesystem are read-only, but some files are writable, allowing kernel variables to be changed.

The hidepid mount option takes one of three values:

  1. hidepid=0 (default): This is the default setting and gives you the default behaviour.
  2. hidepid=1: With this option a normal user cannot see other users' processes in ps, top, etc., only their own, but is still able to see the process IDs in /proc.
  3. hidepid=2: Users are only able to see their own processes (as with hidepid=1), and the other process IDs are also hidden from them in /proc.

The default behaviour is that a normal user is able to see all the processes running on the system, including the processes of other users and of the root user.

As you can see here, a normal user, alok, is able to see all the processes running on the Linux server using the top command and the ps command.

Using top command

normal user is able to see all the processes running on the system

Using ps command

normal user is able to see all the processes running on the system

Now let's remount /proc with hidepid=2, so that normal users will not be able to view the processes of other users and root. This is a good security setting on a critical Linux server.

remount the /proc with the option hidepid=2

Once that is done, a normal user (user alok here) will not be able to see processes run by other users or by root.

Of course, you can make it permanent by editing /etc/fstab with the entry

proc    /proc    proc    defaults,hidepid=2     0     0
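
The following script is an added example, not part of the original article: a read-only check that compares the hidepid value on the running /proc mount with the one in /etc/fstab, so a remount that was never made permanent (or an fstab edit that was never applied) is caught. The function names are hypothetical; the remount command in the comment is the standard mount form, and the name mapping covers kernels 5.8 and later, which list the option by name (for example hidepid=invisible) instead of by number.

```shell
#!/bin/sh
# Added example: read-only audit of the hidepid setting on /proc.
# Apply at runtime (as root):  mount -o remount,hidepid=2 /proc

# hidepid_level FILE [MOUNTPOINT]
# FILE uses the /proc/mounts or /etc/fstab column layout.
# Prints 0, 1 or 2 for the proc mount, or "unmounted" if no entry exists.
hidepid_level() {
    awk -v mp="${2:-/proc}" '
        /^[ \t]*#/ { next }                     # skip fstab comments
        $2 == mp && $3 == "proc" {
            level = "0"                         # option absent means default
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^hidepid=/) level = substr(opt[i], 9)
            found = 1                           # last matching line wins
        }
        END {
            if (!found) { print "unmounted"; exit }
            # Kernels 5.8 and later report names instead of numbers.
            if (level == "off") level = "0"
            if (level == "noaccess") level = "1"
            if (level == "invisible") level = "2"
            print level
        }' "$1"
}

# audit_hidepid MOUNTS FSTAB [WANTED_LEVEL]
# Compares the running setting with the one applied at boot.
audit_hidepid() {
    live=$(hidepid_level "$1")
    boot=$(hidepid_level "$2")
    want=${3:-2}
    if [ "$live" = "$want" ] && [ "$boot" = "$want" ]; then
        echo "ok"
    elif [ "$live" = "$want" ]; then
        echo "not-persistent"    # remounted, but lost at the next reboot
    elif [ "$boot" = "$want" ]; then
        echo "not-applied"       # fstab edited, /proc not yet remounted
    else
        echo "differs"           # neither live nor boot setting matches
    fi
}

# Report on the live system when the files are readable.
if [ -r /proc/mounts ] && [ -r /etc/fstab ]; then
    echo "hidepid audit: $(audit_hidepid /proc/mounts /etc/fstab)"
fi
```
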

Now if the normal user, alok, tries to use the top and ps commands again, he will only be able to see the processes owned by him. Thus we have successfully hidden processes from normal users.

Using ps command

normal user is unable to see processes by other user and user root

Using top command

normal user is unable to see processes by other user and user root

You can learn more about Linux server administration by joining RHCSA training. An RHCSA level of knowledge is a must for getting any job in IT.