To see the list of processes currently running, you can use the ps command. Try ps aux in a terminal. The aux parameters tell ps to list all the system processes with extra information about who owns the processes and what calling parameters were used.
As you can see, the list shows processes owned by different users including “pi” (the default Raspbian user on a Raspberry Pi), “root” and “www-data”. Here is a slightly modified screenshot which shows the processes along with fuller details about the commands and their parameters.
If you look down the list, you will see the command nano MYBANKACCOUNTNUMBER.TXT which is owned by the user “john.” Imagine if the file name was a little more revealing than the example; such data is exposed to all users on the system and could be used for malicious purposes.
Since Linux kernel 3.2 there is a way to stop users from getting access to information about processes which they don’t own. The ps command gets the process information from the /proc filesystem (where “proc” is short for process). There is a new parameter called “hidepid” which is used when the /proc filesystem is mounted. It can hide processes and control who has access to the information under /proc.
hidepid=0 – The default behavior where any user can read the files under /proc/PID/
hidepid=1 – It means users may not access any /proc/PID/ sub-directory except their own. Also files like cmdline, io, sched*, status, wchan are inaccessible to other users.
hidepid=2 – Everything from hidepid=1, plus all /proc/PID/ sub-directories will be hidden to other users.
The /proc filesystem can be remounted on the fly using the remount option of the mount command. To test hidepid, you can remount the /proc filesystem like this: Now you can try the ps command again:
Now the output only shows processes that are owned by the user “pi”.
To make this change permanent, you need to edit your Pi’s “/etc/fstab” file. The “fstab” file controls which file systems are mounted at start up. And find the line which reads: And change it to: Exit the editor using “Ctrl + X.”
Now reboot your Raspberry Pi. When it reboots, check that the /proc filesystem has been mounted with the right options. First use mount and grep to see the current options:
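As an added example (not part of the original article), the same check can be scripted: this POSIX shell function reads mount lines in /proc/mounts format and reports the hidepid level of /proc. The function name and the sample lines are constructed for illustration; the function also accepts the named values (off, noaccess, invisible, ptraceable) that newer kernels print in place of the numbers.

```shell
#!/bin/sh
# Added example, not from the original article.
# hidepid_level: read lines in /proc/mounts format on stdin
# (device mountpoint fstype options dump pass) and print the hidepid
# level of the proc filesystem mounted on /proc, or "unknown" if no
# such mount is listed. The function name is hypothetical.
hidepid_level() {
    awk '
        $2 == "/proc" && $3 == "proc" {
            found = 1
            level = "0"   # no hidepid option: the default, hidepid=0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/)
                    level = substr(opts[i], 9)
        }
        END {
            if (!found) { print "unknown"; exit }
            # Newer kernels report names instead of numbers.
            if (level == "off")             level = "0"
            else if (level == "noaccess")   level = "1"
            else if (level == "invisible")  level = "2"
            else if (level == "ptraceable") level = "4"
            print level
        }
    '
}

# Constructed sample lines (not captured from a real system).
SAMPLE_DEFAULT='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_HIDDEN='proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0'

printf 'sample without hidepid: %s\n' "$(printf '%s\n' "$SAMPLE_DEFAULT" | hidepid_level)"
printf 'sample with hidepid=2:  %s\n' "$(printf '%s\n' "$SAMPLE_HIDDEN" | hidepid_level)"

# On a live system, read the kernel's own view of the mount table.
if [ -r /proc/mounts ]; then
    printf 'this system: %s\n' "$(hidepid_level < /proc/mounts)"
fi
```

A result of 2 after the reboot confirms that the /etc/fstab change took effect.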
Now test the ps command, exactly as we have done above: Notice now that only the processes owned by “pi” are visible, but unlike before when we remounted the /proc file system, this is now the permanent setting.
However, one word of warning: even when hidepid is used, “root” can still see all the processes and the calling parameters.
The technique used above will work on other Linux machines and distributions, not just the Raspberry Pi with Raspbian. If you have questions about using the “hidepid” option on the /proc file system, please feel free to use the comments section below, and we will see if we can help.