# Limiting who/w output



## hashime (Jun 25, 2015)

Hello

I am trying to restrict normal users seeing who is logged in with `w` and `who`. Is there a way on FreeBSD to (easily) accomplish that?


----------



## tobik@ (Jun 25, 2015)

`chmod 640 /var/run/utx.active` 

Only root and users in the wheel group will be able to see any output with who(1) then.
But I don't know what the implications of this are. This could be a really bad idea...

You probably also want to set the sysctl security.bsd.see_other_uids=0, so that other users don't show in `top` or `ps`.


----------



## hashime (Jun 25, 2015)

security.bsd.see_other_uids=0 I got already from the FreeBSD manual.

`chmod 640 /var/run/utx.active` works as a workaround, users don't see themselves then either, but that's not too important.

Thank you. I'll try it and see if it causes some fallout.


----------



## protocelt (Jun 25, 2015)

You didn't mention the use case for your system, however, you could just use jail(8)s to completely isolate the accounts if feasible. It may of course be overkill for your use case but just a thought anyway.


----------



## hashime (Jun 25, 2015)

The use case is that I want users not to see the IP of other currently logged in users and give them as much privacy as possible. It's not really important, I am just curious how that would be done on a FreeBSD system, since I just recently switched from Linux and have no clue whatsoever what I am actually doing


----------

