by throwawayboise 1651 days ago
I've long thought that was a general problem. Why should I see the command line arguments from other users' processes?

What if non-root could see their own processes in detail, but only the program name for other users' processes?

Would that break a lot of other things?

6 comments

You can do this by mounting procfs with the hidepid= option. But it breaks systemd when enabled system-wide: https://github.com/systemd/systemd/issues/12955

Individual units can opt in to this behaviour with the ProtectProc= option though. But I don't think there's currently a good way to apply it to users' interactive processes.

Take a look at the `hidepid` option which is available to the /proc filesystem these days:

https://www.cyberciti.biz/faq/linux-hide-processes-from-othe...

Biggest surprise is that people can't run top/ps to see where load is coming from, but that aside I never noticed any particular downsides.

Just try to change it by yourself: https://www.cyberciti.biz/faq/linux-hide-processes-from-othe...

sudo mount -o remount,hidepid=1 /proc

Hi, great question. Have not seen enabling it break anything so far (only some cross-user, in-house-written process monitoring scripts). Linux has a flag for this for the /proc mountpoint: hidepid=2
Most other users nowadays are likely to be your webserver, your application process, your database, your crawler, and a myriad of other long-running processes.
> What if non-root could see their own processes in detail, but only the program name for other users' processes?

At which point you might as well ask why you need to see other users' processes at all? And indeed, that is an option in grsec. I don't think it causes any major breakage, but there are probably some xkcd #1172 sort of things that break.

edit: apparently there are nowadays also options in mainline for that too: https://pipo.blog/articles/20130930-hidepid-process-hiding and also possibly with selinux?
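The comments above describe remounting /proc with hidepid= and the side effect that top/ps no longer show other users' load. As an added example (not from any commenter), this POSIX sh script audits what a /proc/mounts-style listing actually says about the procfs mount, including the gid= exemption group that lets a monitoring group keep full visibility; the sample mount lines are constructed, and gid 4 is assumed to be a monitoring group.

```sh
#!/bin/sh
# Added example, not from the thread: audit the hidepid= setting of procfs from a
# /proc/mounts-style listing and map it to the restriction level discussed above.
#   0 / off         default, every user can read every /proc/PID
#   1 / noaccess    other users' /proc/PID directories exist but are not readable
#   2 / invisible   other users' PIDs are not listed at all (what ps/top notice)
#   4 / ptraceable  only processes the caller could ptrace are visible (Linux 5.8+)
# gid=<GID> names a group exempt from hiding, the usual fix for monitoring tools.

# proc_hidepid_level [FILE]: print the effective hidepid level of the procfs
# mounted at /proc, read from FILE (default: the live /proc/mounts).
proc_hidepid_level() {
    opts=$(awk '$2 == "/proc" && $3 == "proc" { print $4 }' "${1:-/proc/mounts}" | tail -n 1)
    level=0
    # Options are comma-separated and the last hidepid= wins, as with mount(8).
    for opt in $(printf '%s' "$opts" | tr ',' ' '); do
        case "$opt" in
            hidepid=0|hidepid=off)        level=0 ;;
            hidepid=1|hidepid=noaccess)   level=1 ;;
            hidepid=2|hidepid=invisible)  level=2 ;;
            hidepid=4|hidepid=ptraceable) level=4 ;;
        esac
    done
    printf '%s\n' "$level"
}

# proc_hidepid_gid [FILE]: print the gid= exemption group of /proc, or "none".
proc_hidepid_gid() {
    awk '$2 == "/proc" && $3 == "proc" { opts = $4 } END {
        n = split(opts, a, ","); g = "none"
        for (i = 1; i <= n; i++) if (a[i] ~ /^gid=/) g = substr(a[i], 5)
        print g }' "${1:-/proc/mounts}"
}

# Constructed sample lines in /proc/mounts format: the default mount, and the
# same mount after `mount -o remount,hidepid=2,gid=4 /proc` (gid 4 assumed to be
# the monitoring group).
SAMPLE_DEFAULT='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_HARDENED='proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=4 0 0'

if [ -z "$HIDEPID_NO_DEMO" ]; then
    tmp=$(mktemp); printf '%s\n' "$SAMPLE_HARDENED" > "$tmp"
    echo "sample hardened mount: hidepid=$(proc_hidepid_level "$tmp") gid=$(proc_hidepid_gid "$tmp")"
    rm -f "$tmp"
    if [ -r /proc/mounts ]; then
        echo "this host: hidepid=$(proc_hidepid_level) gid=$(proc_hidepid_gid)"
    fi
fi
```

Run it with no arguments on a live system to see the current level; a result of 0 with no gid= means every local user can read every other user's command lines.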