By default, any user on a Linux server can use commands like top or htop to view all running processes, including those owned by other users.

While this can be useful in certain situations, it can also pose security risks by exposing sensitive information to potential attackers.

This tutorial shows you how to restrict users from viewing processes owned by other users, thereby enhancing the security of your Linux server.

Preparation

To make the most of this guide, ensure you have a properly set up Ubuntu server.

👉
Check out my guide on preparing Ubuntu servers to ensure your server is properly set up.

If you don’t have one, consider getting a free VPS server to follow along.

Demonstration

To demonstrate how any user could see processes running by other users, I added a new user named Elie and ran the htop command.

htop output

Even with their normal user privileges, Elie is able to see all processes running, including those owned by root and various system users.

Keeping Users' Processes Private

To keep users' processes private, you need to add the following line to the end of the /etc/fstab file:

proc    /proc   proc    hidepid=2       0 0

Save and close the file.

💡
This solution doesn't work for RHEL 9-type distributions. Attempting it may break your server.

Then, remount /proc like this:

sudo mount -o remount proc

Now, let me switch back to Elie and run the htop command again.

htop output after

As you can see, Elie is now only able to view their own running processes.

The hidepid option with a value of 2 hides information about all running processes owned by other users, including the process directories in the /proc directory.

Conclusion and Final Thoughts

Easy, isn't it?

I hope this tutorial was helpful for you in keeping your users' running processes private.

👉
You can find the full collection of detailed Linux server security guides here.

If you found value in this tutorial or have any questions or feedback, please don't hesitate to share your thoughts in the discussion section.

Your input is greatly appreciated, and you can also contact me directly if you prefer.