On Thu, May 26, 2011 at 07:09, John K. Sherwood <jsher...@stetson.edu> wrote:
> The situation I was talking about was the first one:
>
> user$ sudo bash
> password:
> root# screen
>
> I understand that if it is run by root you might expect it to spawn shells
> as the user root; however, if you run the utility 'w' you can see that the
> system maintains a distinction between users escalated to root via sudo
> bash or vs users actually logged in as root, as follows:
>
> user$ sudo bash
> Password:
> root# w
> 10:00:55 up 18:43, 3 users, load average: 0.00, 0.00, 0.00
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> imauser pts/1 machine.domain. 08:43 0.00s 0.01s 0.00s sshd: imauser
> [priv]
>
> root# screen
> root# w
> 10:03:07 up 18:45, 4 users, load average: 0.00, 0.00, 0.00
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> root pts/4 machine:S.1 10:03 0.00s 0.00s 0.00s w
>
>
> I guess that the bottom line is that you lose the sshd task somehow when
> you run screen, removing the indication of who is logged in and using sudo
> bash currently.

sshd is still running and the user is still logged in through it. Even the tty (pts) for sshd is still there. Screen creates a new pts tty; because screen was launched by root, root owns that new tty (notice it's pts/4, where the user's was pts/1).

What I find interesting here is that the user's tty isn't showing up while running screen. When screen exits, it should show again (as it does for me). I found that similar happens without sudo, it's just more subtle--that is:

user$ who
user tty1 May 20 19:33
user tty7 May 20 19:25 (:0)
user pts/0 May 21 06:00 (:0.0)
user pts/1 May 26 08:04 (:0.0)
user$ tty
/dev/pts/1
user$ ls -l /dev/pts
crw--w---- 1 user tty 136, 6 May 21 06:00 0
crw--w---- 1 user tty 136, 6 May 26 08:04 1
c--------- 1 root root 5, 2 May 20 19:23 ptmx
user$ screen

user$ who
user tty1 May 20 19:33
user tty7 May 20 19:25 (:0)
user pts/0 May 21 06:00 (:0.0)
user pts/2 May 26 08:04 (:0.0)
user$ tty
/dev/pts/2
user$ ls -l /dev/pts
crw--w---- 1 user tty 136, 6 May 21 06:00 0
crw--w---- 1 user tty 136, 6 May 26 08:04 1
crw--w---- 1 root tty 136, 6 May 26 08:04 2
c--------- 1 root root 5, 2 May 20 19:23 ptmx
user$ exit

user$ who
user tty1 May 20 19:33
user tty7 May 20 19:25 (:0)
user pts/0 May 21 06:00 (:0.0)
user pts/1 May 26 08:04 (:0.0)
user$ tty
/dev/pts/1
user$ ls -l /dev/pts
crw--w---- 1 user tty 136, 6 May 21 06:00 0
crw--w---- 1 user tty 136, 6 May 26 08:04 1
c--------- 1 root root 5, 2 May 20 19:23 ptmx

While screen is running, the tty (at least if it's a pts) from which screen was launched still exists (and is still owned by user, not root) but isn't listed by w or who. Perhaps it's something to do with how w and who work or what happens on the tty from which screen was launched while screen is running. I would recommend investigating w and who (unless someone else on the screen list has a suggestion).

> On 5/25/11 2:57 PM, "Kipling Inscore" <k...@bijna.net> wrote:
>
>>On Tue, May 24, 2011 at 11:54, John K. Sherwood <jsher...@stetson.edu>
>>wrote:
>>> Hello all,
>>> I've been using screen for a while, but recently one of our system
>>> administrators noticed an interesting quirk of screen that made me
>>>wonder.
>>> It seems that if you run 'screen' after running 'sudo bash', the
>>>system (as
>>
>>Without exit after sudo bash, i.e. as below?
>>
>>user$ sudo bash
>>password:
>>root# screen
>>
>>or after lowering your privileges again?
>>
>>user$ sudo bash
>>password:
>>root# exit
>>user$ screen
>>
>>> shown by the utilities 'w' and 'who') no longer sees you as "username
>>> [priv]", but instead as "root" directly. Is this intentional? It
>>>seems as
>>
>>It seems to be the default behavior of running anything after 'sudo
>>bash' (and before exit), since this command runs bash as root. Check
>>'whoami' after 'sudo bash', do you get 'root'?
>>I don't think screen is doing anything differently from other commands
>>in this regard, unless you still get root after exiting from 'sudo
>>bash' (I don't).
>>
>>> though screen should maintain your identity unless expressly instructed
>>>to
>>> log you in as someone else. Maybe I'm missing something though?
>>
>>by running 'sudo bash', you've essentially logged in as root, thus
>>your identity is root and screen is maintaining this.
>>If you want to run screen (or any command) as yourself, I don't think
>>you should be running 'sudo bash' first.
>
>

_______________________________________________
screen-users mailing list
screen-users@gnu.org
https://lists.gnu.org/mailman/listinfo/screen-users
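
The manual comparison in the message above (who output against ls -l /dev/pts) can be scripted to flag ptys that exist but have no login record shown by who. This is an added example, not part of the original thread or of screen itself; the function name unlisted_ptys is hypothetical, and the sample listings are constructed from the transcript above with the owners and tty names it shows.

```shell
#!/bin/sh
# Added example: report pts devices that exist in /dev/pts but are missing
# from the TTY column of `who`, i.e. sessions hidden from the login records.

# unlisted_ptys WHO_OUTPUT LS_OUTPUT  (hypothetical helper name)
# Prints "pts/N owner" for each pty in the ls -l listing that who omits.
unlisted_ptys() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { in_ls = 1; next }
        # who lines: second field is the tty, e.g. pts/2
        !in_ls && $2 ~ /^pts\// { listed[substr($2, 5)] = 1; next }
        # ls -l lines for character devices start with "c"; name is last
        # field, owner is third; ptmx is skipped by the numeric match
        in_ls && /^c/ && $NF ~ /^[0-9]+$/ {
            if (!($NF in listed)) print "pts/" $NF, $3
        }'
}

# Constructed sample: state while screen is running (from the transcript).
WHO_DURING='user tty1  May 20 19:33
user tty7  May 20 19:25 (:0)
user pts/0 May 21 06:00 (:0.0)
user pts/2 May 26 08:04 (:0.0)'
LS_DURING='crw--w---- 1 user tty 136, 6 May 21 06:00 0
crw--w---- 1 user tty 136, 6 May 26 08:04 1
crw--w---- 1 root tty 136, 6 May 26 08:04 2
c--------- 1 root root 5, 2 May 20 19:23 ptmx'

# Constructed sample: state before screen was started.
WHO_BEFORE='user tty1  May 20 19:33
user tty7  May 20 19:25 (:0)
user pts/0 May 21 06:00 (:0.0)
user pts/1 May 26 08:04 (:0.0)'
LS_BEFORE='crw--w---- 1 user tty 136, 6 May 21 06:00 0
crw--w---- 1 user tty 136, 6 May 26 08:04 1
c--------- 1 root root 5, 2 May 20 19:23 ptmx'

# On the sample this reports the launching tty, still owned by the user.
unlisted_ptys "$WHO_DURING" "$LS_DURING"

# Live use: unlisted_ptys "$(who)" "$(ls -l /dev/pts)"
```

On a live system, a pty reported here next to a root-owned screen window gives the owner of the launching terminal, which is the identity w stopped showing.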