On 14/08/07, Jim Cheetham <[EMAIL PROTECTED]> wrote: > Screen does allow this level of control, with the Multi-user mode ACL > settings; but they are obscure and difficult to use in a hurry. Also > too difficult for me to succeed with a 2-minute example that works ... > :-(
JFGI ... http://www.linux.com/articles/56443 <quote> 1. Set the screen binary (/usr/bin/screen) setuid root. By default, screen is installed with the setuid bit turned off, as this is a potential security hole. 2. The teacher starts screen in a local xterm, for example via screen -S SessionName. The -S switch gives the session a name, which makes multiple screen sessions easier to manage. 3. The student uses SSH to connect to the teacher's computer. 4. The teacher then has to allow multiuser access in the screen session via the command Ctrl-a :multiuser on (all screen commands start with the screen escape sequence, Ctrl-a). 5. Next the teacher grants permission to the student user to access the screen session with Ctrl-a :acladd student where student is the student login ID. 6. The student can now connect to the teacher's screen session. The syntax to connect to another user's screen session is screen -x username/session. At this point the teacher and student both have control of the session. Note that there are security implications to this -- the student is operating the session as the teacher and could potentially do something to damage the system. If you don't trust your students then you should probably use a special teacher account and not your normal login account. The teacher can also make the student's session read-only. To do this, use the aclchg screen command to remove write access for the student: Ctrl-a :aclchg student -w "#". The student can then only observe the teacher's actions. Otherwise, the teacher will have to let the student work on the honor system. </quote>
