All modern multi-tasking operating systems, including Linux, run a series of processes for each of the tasks being executed. A notepad application is a process, a terminal window is a process, the SSH server is a process, each SSH connection is a process and so on. Linux schedules the various system resources (CPU time, memory, I/O) so that each process get an opportunity to run.
To see the list of current processes running, you can use the ps command. Try this in a terminal:
The aux parameters tell ps to list all the system processes with extra information about who owns the processes and what calling parameters were used.
Since Linux kernel 3.2 there is a way to stop users getting access to information about processes which they don’t own. The ps command gets the process information from the /proc filesystem. There is a new parameter called “hidepid” which is used when the /proc filesystem is mounted. It can hide processes and controls who has access to the information under /proc.
hidepid=0 - The default behavior where any user can read the files under /proc/PID/ hidepid=1 - It means users may not access any /proc/PID/ sub-directory except their own. Also files like cmdline, io, sched*, status, wchan are inaccessible to other users. hidepid=2 - Everything from hidepid=1, plus all /proc/PID/ sub-directories will be hidden to other users
The /proc filesystem can be remounted on the fly using the remount option of the mount command. To test hidepid, you can remount the /proc filesystem like this:
sudo mount -o remount,rw,hidepid=2 /proc
Now you can try the ps command again:
Now the output only shows processes that are owned by the user “pi”.
To make this change permanent, you need to edit your pi’s /etc/fstab file.
sudo nano /etc/fstab
And find the line which reads:
proc /proc proc defaults 0 0
And change it to:
proc /proc proc defaults,hidepid=2 0 0
Exit the editor using “Ctrl + X.” Now reboot your Raspberry Pi. When it reboots, check that the /proc filesystem has been mounted with the right options. First use mount and grep to see the current options:
mount | grep hidepid
Now test the ps command, exactly as we have done above:
Notice now that only the processes owned by “pi” are visible, but unlike before when we remounted the /proc file system, this is now the permanent setting. However one word of warning, even when hidepid is used, “root” can still see all the processes and the calling parameters.