[Feature request]: puppet resource service output shouldn't assert service status when non-root if process hiding enabled (FreeBSD) #291

@backerman

Description

Use Case

If security.bsd.see_other_uids and/or security.bsd.see_other_gids sysctls are set to 0, an unprivileged user will not be able to see processes running as other users, so the output of puppet resource service shows ensure => 'stopped' for all services when running as non-root.

Describe the solution you would like

The simple solution is to not assert a service status when the agent is running as non-root, either of the aforementioned sysctls is set to 0, and service status claims that the service is not running. This has the advantage of not providing any wrong information but may exclude cases where the user can in fact determine the service status. Unfortunately, there doesn't seem to be a useful machine-readable standard for determining the service's user.

Describe alternatives you've considered

Checking for (servicename)_user or (servicename)_username sysrc variables would allow determining that the user would be able to see a running service (at least in the absence of MAC policies), but this is strictly a convention and there are plenty of services in ports that ship rc scripts with hardcoded usernames.

Keeping the current behavior is also a reasonable choice.

Additional context

No response
