In a multi-user system it was always possible for any user to list all running processes on the system whether or not these processes belong to the user!
With linux kernel 3.2+ (RHEL/Centos 6.5+) there is a new added feature to give the root a full control over this issue where root will be the one who can list all running processes and all users will only list their own processes no more.
New mounting option: hidepid
The new option defines how much info about processes we want to be available for non-owners.The value of it will define the mode in mounting as follow:
hidepid=0 – The old behavior – anybody may read all world-readable /proc/PID/* files (default).
hidepid=1 – It means users may not access any /proc/ / directories, but their own. Sensitive files like cmdline, sched*, status are now protected against other users.
hidepid=2 It means hidepid=1 plus all /proc/PID/ will be invisible to other users. It compicates intruder’s task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc.
This could be done through the command line as follow
# mount -o remount,rw,hidepid=2 /proc
Or by updating /etc/fstab
# vi /etc/fstab
proc /proc proc defaults,hidepid=2 0 0
This will need # mount -a to just re-read /etc/fstab
References: