Sharing a terminal with multiple users (with screen or otherwise)

I am setting up a server where there are multiple developers working on multiple applications.

I have figured out how to give certain developers shared access to the necessary application directories using the setgid bit and default ACLs to give anyone in a group access.

Many of these applications run under a terminal while in development for easy access. When I work alone, I set up a user for an application and run screen as that user. This has the downside that every developer to use the screen session needs to know the password and it is harder to keep user and application accounts separate.

One way that could work is using screen multiuser features. They do not work out-of-the-box however, screen complains about needing suid root. Does giving that have any downsides? I am pretty careful about using suid root anything. Maybe there is a reason why it isn’t the default?

Should I do it with screen or is there some other intelligent way of doing what I want?

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

Yes, you can do it with screen which has multiuser support.

First, create a new session:

screen -d -m -S multisession

Attach to it:
screen -r multisession

Turn on multiuser support:

Press Ctrl-a and type (NOTE: Ctrl+a is needed just before each single command, i.e. twice here)

:multiuser on
:acladd USER ← use username of user you want to give access to your screen

Now, Ctrl-a d and list the sessions:
$ screen -ls
There is a screen on:
    4791.multisession   (Multi, detached)

You now have a multiuser screen session. Give the name multisession to acl’d user, so he can attach to it:
screen -x youruser/multisession

And that’s it.

The only drawback is that screen must run as suid root. But as far as I know is the default, normal situation.

Another option is to do screen -S $screen_id -X multiuser on, screen -S $screen_id -X acladd authorized_user

Hope this helps.

Method 2

I’ve determined that the reason why other people commenting on this question could not do multi-user even after following the steps in @Scyld de Fraud’s answer is because SELinux must be enabled (see https://phoenixnap.com/kb/enable-selinux-centos). Screen requires this for certain functionality, such as assigning the Access Control List (via the screen acladd & aclchg commands) permissions to limit or grant access to various users on multi-user displays, as well as for restarting zombie sessions.

Method 3

Original post – this answer to How to execute a command inside a screen session:

It took me some time, but what I found is: Version of screen 4.06
has a bug. If you want to send a command over a shared screen session
like this, it fails:

screen -S shared_session_name -X stuff "command n"

Screen fails with an error:
Cannot opendir /run/screen/S-$USER: Permissions denied

After updating to the version screen 4.09 it works.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments