Running top on system console without being logged on

Reko Turja reko.turja at
Thu Jan 6 04:07:48 PST 2005

----- Original Message ----- 
From: "Anthony Atkielski" <atkielski.anthony at>
To: <freebsd-questions at>
Sent: Thursday, January 06, 2005 3:48 AM
Subject: Re: Running top on system console without being logged on

>> How about creating a user like this with vipw:
>> topper::userno:groupno::0:0:Topper Harley:/nonexistent:/usr/bin/top
>> and then just logging in on spare console screen as topper?
>> I'm not sure if there are security implications though, even if the 
>> user
>> is not member of the wheel group etc.
> I've considered this, but like you, I'm not sure of the security
> implications, so I haven't actually done it.  And is it possible to
> include command-line options in the login shell command for a user?

Actually not command line options as such, but you can make a login 
class for the top user in /etc/login.conf and feed the options via TOP 
environment variable from there.

You cant shell out from top and renicing from non root account is 
impossible (except dropping the niceness of your own process). I think 
the approach is secure enough and if you give "topper" good enough 
password or deny logon from anywhere except from console, everything 
should be ok. Of course if the terminal is accessible to others than 
administrative staff, giving out the usernames can be a risk, but you 
can use the usernumbers option to avoid giving out the usernames.

Did myself something very similar with a IPless firewall between a while 
back but I ran vmstat in the console instead. Good one glance monitoring 
without the need of logging on the machine itself.


More information about the freebsd-questions mailing list