How to prevent use of `w` and `who` on shared webhosts

Question

We are in the process of setting up a hosting machine that clients will have SSH access to. We don't want them to be able to see a list of user accounts, but the problem we have run into are commands like w and who.

We could disable those, but then they could just bring their own binary. I just tried on a shared webhost, and I was the only user who showed up in w, even though it's a large shared box and I doubt I'm the only one on.

How can I prevent users from seeing who else has logged in via SSH?

score 3 · Accepted Answer · answered Jul 27 '12 at 19:16

3

w and who basically read the data from /var/run/utmp. If you change the permissions of it to say 660 that will prevent users being able to read it.

answered Jul 27 '12 at 19:16

Matthew Ife

23,357
3
55
72

Lucas Kauffman · Answer 2 · 2012-07-27T19:22:43.830

0

You can disable the command by running chmod 700 /usr/bin/who. I'd do this in addition to Mlfe's answer.

This will disable execution for all users except root.

edited Jul 27 '12 at 19:22

answered Jul 27 '12 at 19:13

Lucas Kauffman

16,880
9
58
93

1

My understanding is that just making `/user/bin/who` unexecutable is insufficient because a user could simply bring another `who` binary and run it from their home directory. – Tom Marthenal Jul 27 '12 at 19:28
It is, I just said use it in addition :) – Lucas Kauffman Jul 27 '12 at 19:44

How to prevent use of `w` and `who` on shared webhosts

2 Answers2