Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site nmtvax.UUCP
Path: utzoo!linus!philabs!cmcl2!lanl!unm-la!unmvax!nmtvax!maurice
From: maurice@nmtvax.UUCP
Newsgroups: net.unix-wizards
Subject: Re: user invisibility (Cloaking)
Message-ID: <812@nmtvax.UUCP>
Date: Sun, 13-Oct-85 17:46:55 EDT
Article-I.D.: nmtvax.812
Posted: Sun Oct 13 17:46:55 1985
Date-Received: Tue, 15-Oct-85 07:26:36 EDT
References: <1747@brl-tgr.ARPA> <>
Reply-To: maurice@nmtvax.UUCP (Roger M. Levasseur)
Organization: Insert cute organization title here
Lines: 24
Summary:

>> How to cloak oneself depends on your goal. If you merely want
>> anonymity, login as root. If you wish to be invisible, try naming
>> your shell "getty".

To truly vanish will require lots of work with other things too.
Of course the most noticeable is /etc/utmp, and then there is fixing
ps not to show you, but there are several other things too.

First there is /usr/adm/wtmp. Unless that is fixed too, running the
last(1) program will show a user as still being logged in. Some places
have the 'top' program that was distributed over the net a while back
(another ps-like program) that will need to be fixed as well. Then
there is the lastlog of when users last logged in. That can be watched
for changes. Another is watching the character device for access and
modify time changes. Active terminals can be noted, as well as their
owners.

Granted that for most of these fixes, one needs to be root, as the
files are (or at least should be) protected from general write access,
and kmem without general read access.

These seem to be most of what I can think of; perhaps there are more
subtle ways, I can think of one already, but to say it in general, you
can run, but you can't hide. Perhaps from 99% of the users you can, but
someone will still be able to see that you are there from one thing or
another.

Roger Levasseur
New Mexico Tech
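The cross-checks this post lists (utmp against wtmp, and against terminal ownership and activity), written out as detection logic. This is an added example, not part of the original post; the tuple layouts, the `idle_limit` threshold, the user names and the terminal names are all constructed assumptions, and it assumes a wtmp record with an empty user name marks a logout on that line.

```python
# Added example: compare the independent login records against each other.
# Record layouts and sample values are constructed; real utmp/wtmp files
# are binary and platform-specific and would need a parser in front of this.

def open_wtmp_sessions(wtmp):
    """Replay wtmp in order; an empty user name closes that line (assumed)."""
    open_by_line = {}
    for user, line in wtmp:
        if user:
            open_by_line[line] = user
        else:
            open_by_line.pop(line, None)
    return open_by_line

def find_inconsistencies(utmp, wtmp, ttys, idle_limit=300):
    """Return sorted (line, user, reason) tuples where the sources disagree."""
    listed = {line: user for user, line in utmp}
    findings = set()
    # A session last(1) would report as still logged in, absent from utmp.
    for line, user in open_wtmp_sessions(wtmp).items():
        if listed.get(line) != user:
            findings.add((line, user, "open in wtmp, missing from utmp"))
    # A terminal owned by a non-root user and recently touched, absent from utmp.
    for line, (owner, idle_seconds) in ttys.items():
        if owner != "root" and idle_seconds <= idle_limit and listed.get(line) != owner:
            findings.add((line, owner, "active tty, missing from utmp"))
    return sorted(findings)

# Constructed sample: alice on ttyh0 is recorded everywhere; mallory's utmp
# entry for ttyh1 is gone, but wtmp and the tty device still show the session.
UTMP = [("alice", "ttyh0")]
WTMP = [("bob", "ttyh2"), ("alice", "ttyh0"), ("", "ttyh2"), ("mallory", "ttyh1")]
TTYS = {"ttyh0": ("alice", 12), "ttyh1": ("mallory", 40), "ttyh2": ("root", 9000)}

if __name__ == "__main__":
    for line, user, reason in find_inconsistencies(UTMP, WTMP, TTYS):
        print("%-6s %-8s %s" % (line, user, reason))
```

Each source is checked separately, so a session scrubbed from wtmp as well is still reported through the terminal's owner and modify time.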