I'm primarily a
User Developer Sysadmin A mixture Something else entirely .. ( 461 votes ~ 10 comments )
You are not currently logged in. If you do not have a user account then please consider creating one and logging in before you post your comment. This will allow you to track replies to your comment, and take part in the site much more freely.
To add your comment, fill in all the boxes below and then preview it to make sure you're happy with the way that it looks.
This is the comment you were replying to, attached to the article Using GNU screen's multiuser feature for remote support:
#6 Re: Using GNU screen's multiuser feature for remote support Posted by Anonymous (128.32.xx.xx) on Tue 22 Jan 2008 at 05:19 On the other hand, multiuser mode CAN be used to let two DIFFERENT users to access the same screen (so you don't have to share a login password or allow an SSH key with essentially full access to the account). By default, this is not allowed on Debian, even if you turn multiuser mode on, but if you absolutely need this functionality, you can do it this way (I just tested it---I, of course, don't use it this way): First, make sure, as root: 1. Your /usr/bin/screen is setuid root. You can do this by running: chmod u+s /usr/bin/screen but this has quite a significant security implication, which is why this is not Debian's default setting. 2. Your /var/run/screen should have 755 permission (again, this is not Debian's setting (775 permission), as Debian lets setgid and group ownership of screen executable by utmp to handle writing to this system dir). You can do this by running: chmod 755 /var/run/screen Second, as the screen-sharing user (say, "debian"): 1. Run the "^A:multiuser on" command as described above. 2. Add the user to share it with (in this case, "test") by "^A:acladd test TMHNdoMbEaNfU". The last argument is the crypted password (you can generate one with mkpasswd, if necessary. If you were wondering, that's the crypt hash of "blah"). Now, as "test": 1. Run "screen -x debian/5321" where "5321" is the screen session ID (or you can type the first few digits that will uniquely match one screen session). You will be asked for password, type it, then now you have two users sharing a screen. ... But, in my opinion, this is such a complicated setup, and unless you need the ACL features of screen (more detail at: http://aperiodic.net/screen/multiuser), the gaping hole that suid root of screen executable leaves is hardly worth it.
Posting Format:
Inappropriate comments will be removed.
Some help on entry formatting is available
Username:
Password:
[ Advanced Login ]
Register Account
