Disable w / who

Dan Nelson dnelson at allantgroup.com
Wed Apr 2 15:34:46 UTC 2014

In the last episode (Apr 02), Daniel Corbe said:
> "Kenta S." <kentas at hush.com> writes:
> > Hi. On a multiuser system, is it possible to disable access to the "w"
> > and "who" commands?  I'd rather all the users not be able to see each
> > other's IP addresses.
> chmod og-rx /usr/bin/who && chmod og-rx /usr/bin/w

Also remember to remove /var/run/utx.active, /var/log/utx.*, the netstat,
sockstat, and lsof commands, plus gcc, clang, and any ability to upload
executables :)  Unixes weren't really designed for information-hiding at the
level you're looking for.

An alternative might be to do some sort of inbound NAT outside the box
itself, so that all incoming TCP sessions get NAT'ted to an internal IP
before hitting your server.

	Dan Nelson
	dnelson at allantgroup.com

More information about the freebsd-questions mailing list