Ubuntu – ps aux as non-root doesn’t show all processes

i'm using an ubuntu 10.04 server…

when i run ps aux as root i see all processes when i run ps aux as nonroot i see JUST the processes of the current user

after a bit of research i found the following solution:

root@m85:~# ls -al /proc/
total 4
dr-xr-xr-x 122 root      root         0 2010-12-23 14:08 .
drwxr-xr-x  22 root      root      4096 2010-12-23 13:30 ..
dr-x------   6 root      root         0 2010-12-23 14:08 1
dr-x------   6 root      root         0 2010-12-23 14:08 10
dr-x------   6 root      root         0 2010-12-23 14:08 1212
dr-x------   6 root      root         0 2010-12-23 14:08 1227
dr-x------   6 root      root         0 2010-12-23 14:08 1242
dr-x------   6 zabbix    zabbix       0 2010-12-24 23:52 12747
[...]

my first idea was, that it got mounted in a weird way: /etc/fstab is ok and it doesn't seem to be mounted in an weird way…

my second idea was, that there might be a rootkit: but it's not a rootkit… rkhunter tells me, that there is no rootkit installed…

i don't know if it is since the machine got installed or came with an update. i've just installed zabbix-agent on the machine and realized, that it didn't work properly…

I have already checked sysctl, with no result.

sysctl -a | grep ps
sysctl -a | grep proc

i got a tip about grsecurity and googled a bit for it. dpkg shows that i'm using the standard kernel and no grsecurity seems to be installed. also the /dev/grsec doesn't exists.

i've also stopped apparmor, but there is still the same problem.

dpkg shows, that libselinux1 is installed, but not the selinux package… /selinux is empty…

is there another way, that i can check if grsecrity, selinux are running?

What could have caused such strange permissions (500) and how can i set it back to an normal level (555) ?

Crazy, i've never seen something like that…

thanks in advance for any help and merry christmas 🙂

just to make it clear, what ps aux prints out (as root i see all proccesses also apache, that runs under www-data):

zabbix@m85:~$ ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
zabbix   12747  0.0  0.0   9760   572 ?        SN   Dec24   0:00 zabbix_agentd
zabbix   12749  0.1  0.0   9760   872 ?        SN   Dec24   2:13 zabbix_agentd
zabbix   12750  0.0  0.0   9772   784 ?        SN   Dec24   0:00 zabbix_agentd
zabbix   12751  0.0  0.0   9772   788 ?        SN   Dec24   0:00 zabbix_agentd
zabbix   12752  0.0  0.0   9772   780 ?        SN   Dec24   0:00 zabbix_agentd
zabbix   12753  0.0  0.0   9760   608 ?        SN   Dec24   0:01 zabbix_agentd
zabbix   32067  0.0  0.0  35864  1360 pts/0    S    00:54   0:00 su - zabbix
zabbix   32068 11.0  0.3  25096  6980 pts/0    S    00:54   0:00 -su
zabbix   32094  0.0  0.0  15188  1152 pts/0    R+   00:54   0:00 ps aux
zabbix@m85:~$
jmw@m85:~$
jmw@m85:~$ ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
jmw    32361  0.0  0.0  15188  1156 pts/0    R+   00:57   0:00 ps aux
jmw@m85:~$

Best Answer

You appear to have bumped into the default Ubuntu procps version of ps which - by attempting to emulate three different argument flavors - can be downright confusing. Quoth the man page:

This version of ps accepts several kinds of options:

UNIX options, which may be grouped and must be preceded by a dash.

BSD options, which may be grouped and must not be used with a dash.

GNU long options, which are preceded by two dashes.

Which means that ps -a yields very different results than ps a. Given my history, I'm rather fond of ps -eaH and frankly haven't needed to know the process RSS badly enough, often enough to slog through the whole manual to find which flag will give it to me.

Best Answer

Related Solutions

Ubuntu – Linux ps aux results – wierd processes

Ubuntu – Kill all processes except the one running the script

Related Question