Running top on system console without being logged on
Reko Turja
reko.turja at liukuma.net
Thu Jan 6 04:07:48 PST 2005
----- Original Message -----
From: "Anthony Atkielski" <atkielski.anthony at wanadoo.fr>
To: <freebsd-questions at freebsd.org>
Sent: Thursday, January 06, 2005 3:48 AM
Subject: Re: Running top on system console without being logged on
>> How about creating a user like this with vipw:
>> topper::userno:groupno::0:0:Topper Harley:/nonexistent:/usr/bin/top
>> and then just logging in on spare console screen as topper?
>>
>> I'm not sure if there are security implications though, even if the
>> user
>> is not member of the wheel group etc.
>
> I've considered this, but like you, I'm not sure of the security
> implications, so I haven't actually done it. And is it possible to
> include command-line options in the login shell command for a user?
Actually not command line options as such, but you can make a login
class for the top user in /etc/login.conf and feed the options via TOP
environment variable from there.
You cant shell out from top and renicing from non root account is
impossible (except dropping the niceness of your own process). I think
the approach is secure enough and if you give "topper" good enough
password or deny logon from anywhere except from console, everything
should be ok. Of course if the terminal is accessible to others than
administrative staff, giving out the usernames can be a risk, but you
can use the usernumbers option to avoid giving out the usernames.
Did myself something very similar with a IPless firewall between a while
back but I ran vmstat in the console instead. Good one glance monitoring
without the need of logging on the machine itself.
-Reko
More information about the freebsd-questions
mailing list