Re: Using screen after sudo bash

[Kipling Inscore]

hu, May 26, 2011 at 07:09, John K. Sherwood <address@hidden> wrote:
> The situation I was talking about was the first one:
>
>        user$ sudo bash
>        password:
>        root# screen
>
> I understand that if it is run by root you might expect it to spawn shells
> as the user root; however, if you run the utility 'w' you can see that the
> system maintains a distinction between users escalated to root via sudo
> bash or vs users actually logged in as root, as follows:
>
>        user$ sudo bash
>        Password:
>        root# w
>         10:00:55 up 18:43, 3 users, load average: 0.00, 0.00, 0.00
>        USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
>        imauser pts/1 machine.domain. 08:43 0.00s 0.01s 0.00s sshd: imauser 
> [priv]
>
>        root# screen
>        root# w
>         10:03:07 up 18:45,  4 users,  load average: 0.00, 0.00, 0.00
>        USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
>        root     pts/4    machine:S.1      10:03    0.00s  0.00s  0.00s w
>
>
> I guess that the bottom line is that you lose the sshd task somehow when
> you run screen, removing the indication of who is logged in and using sudo
> bash currently.

sshd is still running and the user is still logged in through it. Even
the tty (pts) for sshd is still there.

Screen creates a new pts tty; because screen was launched by root,
root owns that new tty (notice it's pts/4, where the user's was
pts/1).
What I find interesting here is that the user's tty isn't showing up
while running screen. When screen exits, it should show again (as it
does for me). I found that similar happens without sudo, it's just
more subtle--that is:

user$ who
user tty1         May 20 19:33
user tty7         May 20 19:25 (:0)
user pts/0        May 21 06:00 (:0.0)
user pts/1        May 26 08:04 (:0.0)

user$ tty
/dev/pts/1

user$ ls -l /dev/pts
crw--w---- 1 user tty  136, 6 May 21 06:00 0
crw--w---- 1 user tty  136, 6 May 26 08:04 1
c--------- 1 root     root   5, 2 May 20 19:23 ptmx

user$ screen

user$ who
user tty1         May 20 19:33
user tty7         May 20 19:25 (:0)
user pts/0        May 21 06:00 (:0.0)
user pts/2        May 26 08:04 (:0.0)

user$ tty
/dev/pts/2

user$ ls -l /dev/pts
crw--w---- 1 user tty  136, 6 May 21 06:00 0
crw--w---- 1 user tty  136, 6 May 26 08:04 1
crw--w---- 1 root tty  136, 6 May 26 08:04 2
c--------- 1 root     root   5, 2 May 20 19:23 ptmx

user$ exit

user$ who
user tty1         May 20 19:33
user tty7         May 20 19:25 (:0)
user pts/0        May 21 06:00 (:0.0)
user pts/1        May 26 08:04 (:0.0)

user$ tty
/dev/pts/1

user$ ls -l /dev/pts
crw--w---- 1 user tty  136, 6 May 21 06:00 0
crw--w---- 1 user tty  136, 6 May 26 08:04 1
c--------- 1 root     root   5, 2 May 20 19:23 ptmx

While screen is running, the tty (at least if it's a pts) from which
screen was launched still exists (and is still owned by user, not
root) but isn't listed by w or who. Perhaps it's something to do with
how w and who work or what happens on the tty from which screen was
launched while screen is running.
I would recommend investigating w and who (unless someone else on the
screen list has a suggestion).

> On 5/25/11 2:57 PM, "Kipling Inscore" <address@hidden> wrote:
>
>>On Tue, May 24, 2011 at 11:54, John K. Sherwood <address@hidden>
>>wrote:
>>> Hello all,
>>> I've been using screen for a while, but recently one of our system
>>> administrators noticed an interesting quirk of screen that made me
>>>wonder.
>>>  It seems that if you run 'screen' after running 'sudo bash', the
>>>system (as
>>
>>Without exit after sudo bash, i.e. as below?
>>
>>user$ sudo bash
>>password:
>>root# screen
>>
>>or after lowering your privileges again?
>>
>>user$ sudo bash
>>password:
>>root# exit
>>user$ screen
>>
>>> shown by the utilities 'w' and 'who') no longer sees you as "username
>>> [priv]", but instead as "root" directly.  Is this intentional?  It
>>>seems as
>>
>>It seems to be the default behavior of running anything after 'sudo
>>bash' (and before exit), since this command runs bash as root. Check
>>'whoami' after 'sudo bash', do you get 'root'?
>>I don't think screen is doing anything differently from other commands
>>in this regard, unless you still get root after exiting from 'sudo
>>bash' (I don't).
>>
>>> though screen should maintain your identity unless expressly instructed
>>>to
>>> log you in as someone else.  Maybe I'm missing something though?
>>
>>by running 'sudo bash', you've essentially logged in as root, thus
>>your identity to is root and screen is maintaining this.
>>If you want to run screen (or any command) as yourself, I don't think
>>you should be running 'sudo bash' first.
>
>