Is the root user able to administer screen for other users?

We're trying to rewrite a draconian screen session killer for users who leave their screen sessions up for an inordinate amount of time and have in some way or other circumvented our session timeouts.

The current method is to find the pid for screen and kill it, it it looks like the screen program is written in a way that you can hook into other users sessions, but when I try to do anything as root, the screen directory is a different directory. Guessing this is for security reasons, but is there anyway to intentionally override this so that I can just do something like screen -r somedude/33333 -d -X quit? as root?

Solution 1:

Standard screen instances are singleuser, i.e. each instance can only be accessed by the user who creates it.

To allow multi-user screen instance, you may want to add these commands:

multiuser on
addacl root,<user1>,<user2>,...

to your global screen config, i.e. /etc/screenrc.

Every screen instances after this should be multi-user screen, i.e. can be attached by another users specified in addacl; except if overriden by user-specific commands.

You can list user screens with

$ find /var/run/screen -type s
/var/run/screen/S-<user>/<pid>.<tty>.<host>

and attach to another user's screen with

$ screen -d -r <user>/<pid>

Check man screen, Customization section for more info about screenrc.

Note that each user may also add their own user-specific screenrc commands in $HOME/.screenrc file, therefore disabling multi-user screen for their user.