0

For security and privacy reasons, I want to stop logging logins, as well as hiding information about currently logged-in users.

So far, I tried revoking reading permissions to utmp and wtmp:

sudo chmod o-r /var/run/utmp sudo chmod o-r /var/log/wtmp

Which successfully stops w and who commands from working. They return without information about other users.

However, as demonstrated in the answer in "Other users are logged in" how does the system know? Where is the information leaking? it is still possible to access the information about other logged-in users via a DBus call to systemd-logind or elogind.

How can I disable this specific DBus call? Or, in general, how can I prevent normal users from being able to look up other logged-in users?

Improve this question
2
  • 2
    In general you can not. Unix was designed to be used by a group of people. The best you can do is set up some kind of container environment or virtual machine and give each person their own container or vm. Commented Feb 9, 2023 at 23:52
  • For a start you'll have to disable ps and top. ls -l /proc is also a problem. Last update of /home/user could also leak information. If you really want to keep every user from knowing about other users the best best is a vm or container specific to each user. Commented Feb 10, 2023 at 5:37

1 Answer 1

Reset to default
0

If you create a chroot environment for your users, then you'll have complete control over the available commands.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.