Ubuntu Allow users access to root's "screen" command, also restrict which screens they can attach to

I'm trying to allow a user to connect to the screens that the root user has. When another user does "screen -ls", it shows "No Sockets found in /var/run/screen/S-USERNAMEHERE".

In addition to this, is it possible to restrict users to individual screens? For example, I don't want user1 to attach to screen1, but I want them to be able to attach to screen2.

Thanks, Toby.


Solution 1:

As far as I know you can tell screen to share with one user at a time.

In order for this to work, you must have SELinux enabled and screen must run as suid root - both of which are the defa

Host

1. Create session

First, create a new screen session:

$ screen -d -m -S session_name

Attach to it:

$ screen -r session_name

2. Turn on multiuser support

From within screen, type Ctrl+a and type:

:multiuser on

Or from outside the screen session, type:

$ screen -S session_name -X multiuser on

3. Give access to a user

From within screen, type Ctrl+a and type:

:acladd guest_username # the username to share your screen with

Or from outside a screen session, type:

$ screen -S session_name -X acladd guest_username

You could run this line programmatically to give access to a list of users.

4. Share session information

You can share your username <host_username> and the screen session name <session_name> with the guest so they can connect.

Hitting Ctrl+a d lets you leave the session without closing screen.

Guest

Armed with the access, the screen session name and the host username, the guest can connect to the screen session:

screen -x host_username/session_name

The guest should now have access to the host's screen session.
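The sharing steps above, applied to a list of users per session, as an added example that is not part of the original answer: it generates the `multiuser on` and `acladd` commands from a session-to-users map, so user1 is granted screen2 but not screen1. The map, the session and user names, and the helper names `valid_name` and `acl_commands` are constructed for illustration.

```shell
#!/bin/sh
# Added example: build per-session "acladd" commands for GNU screen.
# All session and user names here are constructed sample values.

# Constructed access map, one "session:user1,user2" entry per line.
# user1 is listed for screen2 only, so it is never added to screen1.
ACL_MAP='screen1:user2
screen2:user1,user2'

# Accept only conservative names, and nothing starting with "-",
# so a map entry cannot smuggle options or extra shell syntax
# into the generated "screen -X" command lines.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print (not run) the commands that enable multiuser mode on each
# session and add each listed user to that session's access list.
# The body is a subshell, so "set -f" and IFS changes stay local.
acl_commands() (
    set -f    # no filename globbing when $users is split below
    printf '%s\n' "$1" | while IFS=: read -r session users; do
        [ -n "$session" ] || continue
        valid_name "$session" || { echo "skipped session: $session" >&2; continue; }
        echo "screen -S $session -X multiuser on"
        IFS=,
        for user in $users; do
            if valid_name "$user"; then
                echo "screen -S $session -X acladd $user"
            else
                echo "skipped user: $user" >&2
            fi
        done
    done
)

# Show the commands for the sample map.
acl_commands "$ACL_MAP"
```

The function only prints commands; review them, then pipe the output to `sh` as the owner of the sessions. A user added with `acladd` gets full access to that session, so a guest on a root-owned session can type into root's shell.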