Re: Using screen after sudo bash
From: Kipling Inscore
Subject: Re: Using screen after sudo bash
Date: Thu, 26 May 2011 08:13:18 -0700

On Thu, May 26, 2011 at 07:09, John K. Sherwood <address@hidden> wrote:
> The situation I was talking about was the first one:
>
> user$ sudo bash
> password:
> root# screen
>
> I understand that if it is run by root you might expect it to spawn shells
> as the user root; however, if you run the utility 'w' you can see that the
> system maintains a distinction between users escalated to root via sudo
> bash vs. users actually logged in as root, as follows:
>
> user$ sudo bash
> Password:
> root# w
> 10:00:55 up 18:43, 3 users, load average: 0.00, 0.00, 0.00
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> imauser pts/1 machine.domain. 08:43 0.00s 0.01s 0.00s sshd: imauser [priv]
>
> root# screen
> root# w
> 10:03:07 up 18:45, 4 users, load average: 0.00, 0.00, 0.00
> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
> root pts/4 machine:S.1 10:03 0.00s 0.00s 0.00s w
>
>
> I guess that the bottom line is that you lose the sshd task somehow when
> you run screen, removing the indication of who is logged in and using sudo
> bash currently.

sshd is still running and the user is still logged in through it. Even
the tty (pts) for sshd is still there.

Screen creates a new pts tty; because screen was launched by root,
root owns that new tty (notice it's pts/4, where the user's was
pts/1).

What I find interesting here is that the user's tty isn't showing up
while running screen. When screen exits, it should show again (as it
does for me). I found that something similar happens without sudo; it's
just more subtle--that is:

user$ who
user tty1 May 20 19:33
user tty7 May 20 19:25 (:0)
user pts/0 May 21 06:00 (:0.0)
user pts/1 May 26 08:04 (:0.0)
user$ tty
/dev/pts/1
user$ ls -l /dev/pts
crw--w---- 1 user tty 136, 6 May 21 06:00 0
crw--w---- 1 user tty 136, 6 May 26 08:04 1
c--------- 1 root root 5, 2 May 20 19:23 ptmx
user$ screen
user$ who
user tty1 May 20 19:33
user tty7 May 20 19:25 (:0)
user pts/0 May 21 06:00 (:0.0)
user pts/2 May 26 08:04 (:0.0)
user$ tty
/dev/pts/2
user$ ls -l /dev/pts
crw--w---- 1 user tty 136, 6 May 21 06:00 0
crw--w---- 1 user tty 136, 6 May 26 08:04 1
crw--w---- 1 root tty 136, 6 May 26 08:04 2
c--------- 1 root root 5, 2 May 20 19:23 ptmx
user$ exit
user$ who
user tty1 May 20 19:33
user tty7 May 20 19:25 (:0)
user pts/0 May 21 06:00 (:0.0)
user pts/1 May 26 08:04 (:0.0)
user$ tty
/dev/pts/1
user$ ls -l /dev/pts
crw--w---- 1 user tty 136, 6 May 21 06:00 0
crw--w---- 1 user tty 136, 6 May 26 08:04 1
c--------- 1 root root 5, 2 May 20 19:23 ptmx

While screen is running, the tty (at least if it's a pts) from which
screen was launched still exists (and is still owned by user, not
root) but isn't listed by w or who. Perhaps it's something to do with
how w and who work or what happens on the tty from which screen was
launched while screen is running.

I would recommend investigating w and who (unless someone else on the
screen list has a suggestion).

> On 5/25/11 2:57 PM, "Kipling Inscore" <address@hidden> wrote:
>
>>On Tue, May 24, 2011 at 11:54, John K. Sherwood <address@hidden>
>>wrote:
>>> Hello all,
>>> I've been using screen for a while, but recently one of our system
>>> administrators noticed an interesting quirk of screen that made me wonder.
>>> It seems that if you run 'screen' after running 'sudo bash', the system (as
>>
>>Without exit after sudo bash, i.e. as below?
>>
>>user$ sudo bash
>>password:
>>root# screen
>>
>>or after lowering your privileges again?
>>
>>user$ sudo bash
>>password:
>>root# exit
>>user$ screen
>>
>>> shown by the utilities 'w' and 'who') no longer sees you as "username
>>> [priv]", but instead as "root" directly. Is this intentional? It seems as
>>
>>It seems to be the default behavior of running anything after 'sudo
>>bash' (and before exit), since this command runs bash as root. Check
>>'whoami' after 'sudo bash', do you get 'root'?
>>I don't think screen is doing anything differently from other commands
>>in this regard, unless you still get root after exiting from 'sudo
>>bash' (I don't).
>>
>>> though screen should maintain your identity unless expressly instructed to
>>> log you in as someone else. Maybe I'm missing something though?
>>
>>by running 'sudo bash', you've essentially logged in as root, thus
>>your identity to is root and screen is maintaining this.
>>If you want to run screen (or any command) as yourself, I don't think
>>you should be running 'sudo bash' first.
>
>
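
Added example (not part of the original message and not code from screen): a shell check for the observation above that a pty can exist under /dev/pts without being listed by who. The function name compare_pts_utmp and the SAMPLE_* variables are made up for this example; the sample text is copied from the "while screen is running" part of the session in the message.

```shell
#!/bin/sh
# Added example: compare pty device nodes with utmp records (what who/w print).

# compare_pts_utmp WHO_TEXT LS_TEXT
#   WHO_TEXT: output of `who`;  LS_TEXT: output of `ls -l /dev/pts`
# Prints one line per pty that deserves a second look:
#   unlisted pts/N owner=U          device exists, no utmp record for it
#   mismatch pts/N utmp=A owner=B   utmp user differs from the device owner
compare_pts_utmp() {
    printf '%s\n' "$2" | WHO_TEXT="$1" awk '
        BEGIN {
            # utmp_user["pts/N"] = login name that who reports for that line
            n = split(ENVIRON["WHO_TEXT"], lines, "\n")
            for (i = 1; i <= n; i++)
                if (split(lines[i], f, " ") >= 2 && f[2] ~ /^pts\//)
                    utmp_user[f[2]] = f[1]
        }
        # Character devices with a numeric name are pty slaves; ptmx is skipped.
        /^c/ && $NF ~ /^[0-9]+$/ {
            name = "pts/" $NF
            if (!(name in utmp_user))
                print "unlisted", name, "owner=" $3
            else if (utmp_user[name] != $3)
                print "mismatch", name, "utmp=" utmp_user[name], "owner=" $3
        }'
}

# Sample input, copied from the session in the message (screen running).
SAMPLE_WHO='user tty1 May 20 19:33
user tty7 May 20 19:25 (:0)
user pts/0 May 21 06:00 (:0.0)
user pts/2 May 26 08:04 (:0.0)'

SAMPLE_LS='crw--w---- 1 user tty 136, 6 May 21 06:00 0
crw--w---- 1 user tty 136, 6 May 26 08:04 1
crw--w---- 1 root tty 136, 6 May 26 08:04 2
c--------- 1 root root 5, 2 May 20 19:23 ptmx'

compare_pts_utmp "$SAMPLE_WHO" "$SAMPLE_LS"
# On a live system: compare_pts_utmp "$(who)" "$(ls -l /dev/pts)"
```

A mismatch line is not by itself a problem: in the session above pts/2 is owned by root while who lists it under user.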