[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]
>I have found that the default permissions on /dev/kmem and /dev/mem are
>read/write only for root. No other ID has any permissions. This seems to
>be a problem for users using top. If I change the permissions on these
>files to rw-r--r-- so that users can see the file are there any security
>or other issues I should be concerned with.
Yes, all your users will be able to snoop passwords from /dev/mem
and monitor everything typed and done on the system
Ie., a really bad thing to do.
This is why top is commonly installed set-gid sys or set-uid root.
Quote:>On a similar note, are there option in top that allow users to see all
>the process on the system including other user processes. I didn't see
>anything in the man page that allowed this.
Ah, you're running top on 2.5.1 or before. This requires top to
run set-uid root.
In 2.6 and later, it only needs set-gid sys but can run
without any privileges, provided you can do without "last pid"
and you run a recent top3.5beta. (one with complete kstat support)
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
by