On Thu, Mar 06, 2014 at 12:21:06PM +1100, Craig Small wrote:
On Thu, Mar 06, 2014 at 12:54:00AM +0100, Vincent Danjean wrote:I'm not sure I will let this setup (hidepid=1) on my computers. My current POV (that can change) is that I prefer to be able to do the maximum of thing as a normal user (top, ps, read log (I'm in the adm group), ...) ans switch to root when I really need to do some modifications.You apparently can have a "special" group that can see everything.
Aren’t there PAM modules which can grant capabilities to certain users?
That might be worthwhile for a default. It makes things like pstree look odd, so I'll be expecting some new bug reports.
It will break software like nagios with check_procs. Any ideas how one can solve this? dpkg-stateoverwrite doesn’t support capabilities, only the standard chmod commands.
Shade and sweet water!
Stephan
--
| Stephan Seitz E-Mail: s...@fsing.rootsland.net |
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |
smime.p7s
Description: S/MIME cryptographic signature
