On Sat, 2006-06-03 at 18:24 -0700, Ryan Tandy wrote:
> Iain Buchanan wrote:
> > 1. sudo chmod u+s /usr/bin/screen
> > 2. sudo chmod 755 /var/run/screen
> > 3. screen -r sessionowner/[[pid.]tty[.host]]
>
> I think the little part of me that's even slightly security-conscious
> just had a heart attack.
Yeah, this means anyone with login access can view any screen on the
host. However, I intend to get around this in a number of ways:
1. There are no real-life users on this machine - it just performs tasks
(not a good enough security by itself, I know).
2. Screens will be created with `screen -d -m blah` so when the blah
process dies, the screen will terminate, meaning someone watching won't
be left with root access.
3. Machines are remote, requiring dial up password, then ssh password,
without general world wide access.
4. Any more suggestions this list offers :)
> It's interesting that screen -r has the desired effect, though; I could
> have sworn screen -x was the only method that did the simultaneous-use
> thing.
Hmm, that's what the man page says about -x, but it says similar about
-r - note it only worked when I specified sessionowner/
thanks,
--
Iain Buchanan <iaindb at netspace dot net dot au>
Women complain about sex more than men. Their gripes fall into two
categories: (1) Not enough and (2) Too much.
-- Ann Landers
--
gentoo-user@gentoo.org mailing list
