Since kernel 3.3, what you need is implemented in the kernel itself.
According to proc(5):
hidepid=n (since Linux 3.3)
    This option controls who can access the information in /proc/[pid] directories. The argument, n, is one of the following values:

    0   Everybody may access all /proc/[pid] directories. This is the traditional behavior, and the default if this mount option is not specified.

    1   Users may not access files and subdirectories inside any /proc/[pid] directories but their own (the /proc/[pid] directories themselves remain visible). Sensitive files such as /proc/[pid]/cmdline and /proc/[pid]/status are now protected against other users. This makes it impossible to learn whether any user is running a specific program (so long as the program doesn't otherwise reveal itself by its behavior).

    2   As for mode 1, but in addition the /proc/[pid] directories belonging to other users become invisible. This means that /proc/[pid] entries can no longer be used to discover the PIDs on the system. This doesn't hide the fact that a process with a specific PID value exists (it can be learned by other means, for example, by "kill -0 $PID"), but it hides a process's UID and GID, which could otherwise be learned by employing stat(2) on a /proc/[pid] directory. This greatly complicates an attacker's task of gathering information about running processes (e.g., discovering whether some daemon is running with elevated privileges, whether another user is running some sensitive program, whether other users are running any program at all, and so on).

gid=gid (since Linux 3.3)
    Specifies the ID of a group whose members are authorized to learn process information otherwise prohibited by hidepid (i.e., users in this group behave as though /proc was mounted with hidepid=0). This group should be used instead of approaches such as putting nonroot users into the sudoers(5) file.
This is useful because you can choose who is allowed to read /proc/PID.
So, if you want to try it, don't forget to remount /proc to suit your needs:
-- practical case:
: su -
Password:
root@foo:~# mount -o remount,hidepid=2 /proc
root@foo:~# exit
logout
:ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
tntx 709 0.0 0.1 33980 8012 tty2 S 18:12 0:00 irssi
tntx 746 0.0 0.0 8868 3880 tty1 S 18:13 0:00 -ksh93
So now I have no way to see any process other than my own through ps(1) or lsof(8).
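To confirm that a remount like the one above actually took effect, the mount options of /proc can be read back and checked. The following is an added example, not part of the original answer: the function names and the sample mount line are constructed, and the named values (off, noaccess, invisible) that kernels since 5.8 print are handled too, although they are not part of the man page excerpt quoted above.

```shell
#!/bin/sh
# Audit the hidepid/gid options of the /proc mount.
# Input uses the /proc/mounts format: device mountpoint fstype options dump pass

# Print the option string of the proc filesystem mounted on /proc.
proc_mount_opts() {
    awk '$2 == "/proc" && $3 == "proc" { o = $4 } END { print o }' \
        "${1:-/proc/self/mounts}"
}

# opt_value OPTS NAME: print the value of NAME=... in a comma-separated list.
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# Print the hidepid mode as a number; an absent option means the default, 0.
hidepid_mode() {
    v=$(opt_value "$(proc_mount_opts "$1")" hidepid)
    case "$v" in
        ''|off)    echo 0 ;;
        noaccess)  echo 1 ;;   # named forms: Linux 5.8+ (not in the excerpt above)
        invisible) echo 2 ;;
        *)         echo "$v" ;;
    esac
}

# Print the gid exempted from hidepid, or nothing if none is set.
hidepid_gid() {
    opt_value "$(proc_mount_opts "$1")" gid
}

# Return 0 if other users' /proc/[pid] contents are protected (mode >= 1).
check_hidepid() {
    mode=$(hidepid_mode "$1"); gid=$(hidepid_gid "$1")
    if [ "$mode" = 0 ]; then
        echo "WEAK: hidepid=0, every user can read all /proc/[pid]"
        return 1
    fi
    echo "OK: hidepid=$mode${gid:+ (members of gid $gid are exempt)}"
}

# Constructed sample line, as it would appear after remount,hidepid=2,gid=1001.
sample=$(mktemp)
echo 'proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=1001 0 0' > "$sample"
check_hidepid "$sample" || true
rm -f "$sample"
```

Called without an argument, check_hidepid reads /proc/self/mounts on the running system.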
One approach could be as follows. First we read the fasta file and build an array keyed on the gene name. The value corresponding to that key is the current and next lines, separated by a newline.
The output is saved in the corresponding *.txt files.
awk -F '|' '
  # at the beginning of each file, determine its type
  FNR==1 { inCsv = !(inFasta = FS == "|") }
  # get gene name and record next line number
  inFasta && /^>/ {
    t=$0; gene=$1
    gsub(/^.|[[:space:]]*$/, "", gene)
    nxtln=NR+1
  }
  # fill up the value for the current gene
  inFasta && NR==nxtln { a[gene] = t ORS $0 }
  # we are in CSV file
  # close previously open filehandle
  # open fresh file handle (match*.txt)
  # write to filehandle based on equality
  # of field1 and field3
  inCsv && NF>3 {
    if (FNR == 1) {
      close(outf)
      outf = "match" ++k ".txt"
    }
    print a[$($1==$3?4:3)] > outf
  }
' file_B.fasta FS=, file*.txt
$ cat match1.txt
>gene88 | shahid | ahifehhuh
TAGTCTTTCAAAAGA...
>gene67 | vdiic | behej
GTCAGTTTTTA...
>gene95 | siis | ahifehhniniuh
TAGTCTTTCAAAAGA..
awk '{if($1 == $3) {print $1,$2,$NF}else{if($1 == $NF){print $1,$2,$3}}}' filename
Output:
gene1 description1 gene88
gene56 description2 gene67
gene6 description3 gene95