dtrace discuss - Sep 2007 - How hide process or replace string in output of "who"?

Is there any way to hide the some process from users (if they run the
`ps`-command) using dtrace? Or how hide or replace  string in the output of some
programm (i.e. string with "root" entry in "who"-output)?


--
This message posted from opensolaris.org

On 9/19/07, Danny <solaris-78 at mail.ru> wrote:
> Is there any way to hide the some process from users (if they run the
`ps`-command) using dtrace? Or how hide or replace  string in the output of some
programm (i.e. string with "root" entry in "who"-output)?
You can take away the proc_info privilege.  This makes ps and w unable
to see other users'' processes.   The following entry in /etc/user_attr
should do the job for a given user:

someone::::type=normal;defaultpriv=basic,!proc_info

No need for destructive dtrace actions for this one.

Since who reads a world-readable file, trying to hide that info is a
bit more tricky.  You could change the permissions on /var/adm/utmpx
to not be world-readable (or set an acl on it to deny access to
particular users).  I''m not sure what that would break.

-- 
Mike Gerdts
http://mgerdts.blogspot.com/

Thanks for the answer, I am familiar with this way. The opportunity to change a
conclusion of programs by means of dtrace is interesting to me. For example so:
#!/usr/sbin/dtrace -ws

syscall::write:entry
/ (execname == "w" || execname == "who") &&
strstr(copyinstr(arg1),"mulder") != NULL /
{
copyoutstr("scally", arg1, 6);
}


--
This message posted from opensolaris.org