Why does redirecting 'script' to /dev/null/ allow 'screen' to work while su'ed as another user?

bash linux gnu-screen su

I was su'ed into a user to run a particular long running script. I wanted to use screen but I got the error message "Cannot open your terminal '/dev/pts/4' - please check."

So I Googled around and came across a forum post that instructed to run $ script '/dev/null/'. I did so and then I could screen.

Why does this work? What is su doing that screen cannot run as the su'ed user? Why does re-directing 'script' to /dev/null do that is prevented otherwise? Is it using script to write a log as the original user to somewhere?


Well, technically you're not redirecting anything here.

Calling script /dev/null just makes script save the whole typescript into /dev/null which in practice means discarding the contents.

See man script for detailed info and util-linux-ng package for implementation (misc-utils/script.c).

This has nothing to do with screen actually. Why this works is invoking script has a side effect of creating a pseudo-terminal for you at /dev/pts/X. This way you don't have to do it yourself, and screen won't have permission issues - if you su from user A to user B, by directly invoking screen you try to grab possession of user A's pseudo-terminal. This won't succeed unless you're root. That's why you see the error message.


To output directly to your terminal window, the running program needs to be able to write to your controlling terminal. If you are using an xterm or ssh or some other virtual connection (as opposed to a real live directly connected terminal) your controlling terminal is a pseudo tty (pty).

Your pty is set up with write permission for only you when you log on, otherwise other users could scribble on your display (or read it). Thus when you su to another user (and that user is not root), that user does not have access to the underlying pty.

However, more complex I/O such as screen requires direct access to the pty to work it's magic of controlling your whole screen. That's when you run in to problems with the person running the command not having proper access to the controlling terminal.

Redirecting the script to /dev/null causes screen to not try to write to the controlling terminal, so it doesn't hit the permission problem.

Related

IIS6 vs. IIS7 and IIS7.5: handling URLs with plus sign (+) in base (not querystring)
Nginx vs Apache as reverse proxy, which one to choose
Clear the Recycle Bin For All Users in Windows Server 2008 R2
Why do mobile networks have high latencies? How can they be reduced?
How to disconnect from lxc-console
Where does logrotate save its own log?
How to use Jenkins with SSL / https
What does "<service_name> dead but subsys locked" mean?
Can you lookup a domains past nameserver & mx record history?
postgres server fails to start, produces no log, how to to troubleshoot?
Failed tls handshake. Does not contain any IP SANs
Postgres error message: FATAL: Ident authentication failed for user "..."