How do I hide a user that is logged into the server, from other users

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite












If I and another person where logged onto a server (a Debian server to be exact) and I wanted to prevent the other user or even other user from seeing that I am active and logged into the server, how would I do that? Is there a command that I can use? If further clarification is needed, let me know.







share|improve this question




















  • How would you normally check if a user is logged in?Using w? Or ?
    – Hunter.S.Thompson
    Nov 10 '17 at 5:28










  • If I wanted to check if a user is logged in, I would either use w or who
    – StrangeRanger
    Nov 10 '17 at 5:29







  • 1




    GAD3R all users are able to use sudo.
    – StrangeRanger
    Nov 10 '17 at 6:49














up vote
3
down vote

favorite












If I and another person where logged onto a server (a Debian server to be exact) and I wanted to prevent the other user or even other user from seeing that I am active and logged into the server, how would I do that? Is there a command that I can use? If further clarification is needed, let me know.







share|improve this question




















  • How would you normally check if a user is logged in?Using w? Or ?
    – Hunter.S.Thompson
    Nov 10 '17 at 5:28










  • If I wanted to check if a user is logged in, I would either use w or who
    – StrangeRanger
    Nov 10 '17 at 5:29







  • 1




    GAD3R all users are able to use sudo.
    – StrangeRanger
    Nov 10 '17 at 6:49












up vote
3
down vote

favorite









up vote
3
down vote

favorite











If I and another person where logged onto a server (a Debian server to be exact) and I wanted to prevent the other user or even other user from seeing that I am active and logged into the server, how would I do that? Is there a command that I can use? If further clarification is needed, let me know.







share|improve this question












If I and another person where logged onto a server (a Debian server to be exact) and I wanted to prevent the other user or even other user from seeing that I am active and logged into the server, how would I do that? Is there a command that I can use? If further clarification is needed, let me know.









share|improve this question











share|improve this question




share|improve this question










asked Nov 10 '17 at 5:09









StrangeRanger

9619




9619











  • How would you normally check if a user is logged in?Using w? Or ?
    – Hunter.S.Thompson
    Nov 10 '17 at 5:28










  • If I wanted to check if a user is logged in, I would either use w or who
    – StrangeRanger
    Nov 10 '17 at 5:29







  • 1




    GAD3R all users are able to use sudo.
    – StrangeRanger
    Nov 10 '17 at 6:49
















  • How would you normally check if a user is logged in?Using w? Or ?
    – Hunter.S.Thompson
    Nov 10 '17 at 5:28










  • If I wanted to check if a user is logged in, I would either use w or who
    – StrangeRanger
    Nov 10 '17 at 5:29







  • 1




    GAD3R all users are able to use sudo.
    – StrangeRanger
    Nov 10 '17 at 6:49















How would you normally check if a user is logged in?Using w? Or ?
– Hunter.S.Thompson
Nov 10 '17 at 5:28




How would you normally check if a user is logged in?Using w? Or ?
– Hunter.S.Thompson
Nov 10 '17 at 5:28












If I wanted to check if a user is logged in, I would either use w or who
– StrangeRanger
Nov 10 '17 at 5:29





If I wanted to check if a user is logged in, I would either use w or who
– StrangeRanger
Nov 10 '17 at 5:29





1




1




GAD3R all users are able to use sudo.
– StrangeRanger
Nov 10 '17 at 6:49




GAD3R all users are able to use sudo.
– StrangeRanger
Nov 10 '17 at 6:49










2 Answers
2






active

oldest

votes

















up vote
2
down vote



accepted










There's not much you can do apart replacing commands such as w, who, ps etc. with a doctored version (modified on the source and then recompiled) whose output hides the user, say, huntert.



That's the technique usually used by intruders who compromise a server.



Note that an experienced Unix user might still be able to spot your presence by telltale signs, but this technique should fool the casual user -- or a lazy superuser.






share|improve this answer



























    up vote
    0
    down vote













    Don't give them shell access.



    If they have code execution, there's very little you can do to pervent that. Replacing binaries like @dr01 suggests is pretty much useless, because they'll just upload a clean version and use that instead. You could patch the kernel syscalls, but that's a lot of work, and probably not enough on its own.



    Replace their login shell in /etc/passwd with something that only gives them access to the bare minimum that they need to have access to.






    share|improve this answer




















      Your Answer







      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: false,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













       

      draft saved


      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f403670%2fhow-do-i-hide-a-user-that-is-logged-into-the-server-from-other-users%23new-answer', 'question_page');

      );

      Post as a guest






























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      2
      down vote



      accepted










      There's not much you can do apart replacing commands such as w, who, ps etc. with a doctored version (modified on the source and then recompiled) whose output hides the user, say, huntert.



      That's the technique usually used by intruders who compromise a server.



      Note that an experienced Unix user might still be able to spot your presence by telltale signs, but this technique should fool the casual user -- or a lazy superuser.






      share|improve this answer
























        up vote
        2
        down vote



        accepted










        There's not much you can do apart replacing commands such as w, who, ps etc. with a doctored version (modified on the source and then recompiled) whose output hides the user, say, huntert.



        That's the technique usually used by intruders who compromise a server.



        Note that an experienced Unix user might still be able to spot your presence by telltale signs, but this technique should fool the casual user -- or a lazy superuser.






        share|improve this answer






















          up vote
          2
          down vote



          accepted







          up vote
          2
          down vote



          accepted






          There's not much you can do apart replacing commands such as w, who, ps etc. with a doctored version (modified on the source and then recompiled) whose output hides the user, say, huntert.



          That's the technique usually used by intruders who compromise a server.



          Note that an experienced Unix user might still be able to spot your presence by telltale signs, but this technique should fool the casual user -- or a lazy superuser.






          share|improve this answer












          There's not much you can do apart replacing commands such as w, who, ps etc. with a doctored version (modified on the source and then recompiled) whose output hides the user, say, huntert.



          That's the technique usually used by intruders who compromise a server.



          Note that an experienced Unix user might still be able to spot your presence by telltale signs, but this technique should fool the casual user -- or a lazy superuser.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 10 '17 at 8:10









          dr01

          15.3k114769




          15.3k114769






















              up vote
              0
              down vote













              Don't give them shell access.



              If they have code execution, there's very little you can do to pervent that. Replacing binaries like @dr01 suggests is pretty much useless, because they'll just upload a clean version and use that instead. You could patch the kernel syscalls, but that's a lot of work, and probably not enough on its own.



              Replace their login shell in /etc/passwd with something that only gives them access to the bare minimum that they need to have access to.






              share|improve this answer
























                up vote
                0
                down vote













                Don't give them shell access.



                If they have code execution, there's very little you can do to pervent that. Replacing binaries like @dr01 suggests is pretty much useless, because they'll just upload a clean version and use that instead. You could patch the kernel syscalls, but that's a lot of work, and probably not enough on its own.



                Replace their login shell in /etc/passwd with something that only gives them access to the bare minimum that they need to have access to.






                share|improve this answer






















                  up vote
                  0
                  down vote










                  up vote
                  0
                  down vote









                  Don't give them shell access.



                  If they have code execution, there's very little you can do to pervent that. Replacing binaries like @dr01 suggests is pretty much useless, because they'll just upload a clean version and use that instead. You could patch the kernel syscalls, but that's a lot of work, and probably not enough on its own.



                  Replace their login shell in /etc/passwd with something that only gives them access to the bare minimum that they need to have access to.






                  share|improve this answer












                  Don't give them shell access.



                  If they have code execution, there's very little you can do to pervent that. Replacing binaries like @dr01 suggests is pretty much useless, because they'll just upload a clean version and use that instead. You could patch the kernel syscalls, but that's a lot of work, and probably not enough on its own.



                  Replace their login shell in /etc/passwd with something that only gives them access to the bare minimum that they need to have access to.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 10 '17 at 10:38









                  0x40

                  212




                  212



























                       

                      draft saved


                      draft discarded















































                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f403670%2fhow-do-i-hide-a-user-that-is-logged-into-the-server-from-other-users%23new-answer', 'question_page');

                      );

                      Post as a guest













































































                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?