The purpose of this guide is purely informational and as such cPanel, LLC will not assume responsibility for any potential adverse outcomes that might arise from its adoption. You may, therefore, wish to seek assistance from a qualified system administrator regarding any potential issues, as one would have the tools and knowledge in order to assist you.
Question:
When running commands like “top” and “ps” as a non-root user, you’ll observe that the only processes visible are those belonging to the user running the command. Why normal users are not able to see other users’ processes?
Answer:
This behavior is controlled by a specific mount option called “hidepid”. By default, the hidepid option has the value zero (0). This means that every user can see all data. When setting it to 1, the directories entries in /proc will remain visible, but not accessible. With value 2 they are hidden altogether. This last option will work perfectly for most systems. Setting hidepid=0 disables the protection (all users can see all other users processes and access them). Setting hidepid=1 disables the protection (all users can see all other users processes but cannot access them). Setting hidepid=2 enables the protection (all users can only see and access their own processes). Linux (by default) sets this value to 0. But, for reasons of security, cPanel/WHM and CloudLinux will set it to 2:
mount | grep hidepid
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime,gid=1000,hidepid=2)
proc on /usr/share/cagefs-skeleton/proc type proc (rw,nosuid,relatime,gid=1000,hidepid=2)
https://docs.cloudlinux.com/cloudlinux_os_kernel/#remounting-procfs-with-hidepid-option
So by modifying this particular value you should be able to control how much access other users have over other users' processes.
Please bear in mind that changing this value have potential security implications, so changing it it's not recommended by cPanel and as a result we will not be able to provide support regarding such modifications.
Workaround:
To see how you can change the value of hidepid on the /proc mount, you can refer to the “Workaround” section of the following article:
Cloudlinux utility ‘cldiag’ reports error “FAILED: Details: hidepid protection disabled.”