| 1 |
On Tue, 17 Mar 2015 22:14:03 +0200 |
| 2 |
Matti Nykyri <matti.nykyri@×××.fi> wrote: |
| 3 |
|
| 4 |
> > On Mar 17, 2015, at 21:52, German <gentgerman@×××××.com> wrote: |
| 5 |
> > |
| 6 |
> > On Tue, 17 Mar 2015 20:39:46 +0200 |
| 7 |
> > Matti Nykyri <matti.nykyri@×××.fi> wrote: |
| 8 |
> > |
| 9 |
> >>> On Mar 17, 2015, at 19:33, German <gentgerman@×××××.com> wrote: |
| 10 |
> >>> |
| 11 |
> >>> On Tue, 17 Mar 2015 19:16:42 +0200 |
| 12 |
> >>> Matti Nykyri <matti.nykyri@×××.fi> wrote: |
| 13 |
> >>> |
| 14 |
> >>>>>> On Mar 17, 2015, at 18:11, German <gentgerman@×××××.com> wrote: |
| 15 |
> >>>>>> |
| 16 |
> >>>>>> Don't hit your head to a brick wall. A small strace to the login process reveals that login set things as you tell it to in /etc/login.defs |
| 17 |
> >>>>>> |
| 18 |
> >>>>>> In this file change the line: |
| 19 |
> >>>>>> TTYPERM 0600 |
| 20 |
> >>>>>> To: |
| 21 |
> >>>>>> TTYPERM 0620 |
| 22 |
> >>>>>> |
| 23 |
> >>>>>> And your problem is fixed. |
| 24 |
> >>>>> |
| 25 |
> >>>>> Sorry, this didn't fix it |
| 26 |
> >>>> |
| 27 |
> >>>> Yes. Sorry. The mode was wrong: |
| 28 |
> >>>> |
| 29 |
> >>>> TTYPERM 660 |
| 30 |
> >>>> |
| 31 |
> >>>> Will fix it, if your screen is setgid tty and ttyX is gid tty. If not then: |
| 32 |
> >>>> |
| 33 |
> >>>> TTYPERM 666 |
| 34 |
> >>>> |
| 35 |
> >>>> Will fix it, but also your tty will be world readable. If you don't consider that too big security risk, then just go |
| 36 |
> >>> |
| 37 |
> >>> Neither 660 nor 666 fixed it. Sorry :( |
| 38 |
> >> |
| 39 |
> >> If you have: |
| 40 |
> >> |
| 41 |
> >> TTYPERM 0666 |
| 42 |
> >> |
| 43 |
> >> And logout and login. What mode and ownership do you have in you tty (/dev/ttyX)? |
| 44 |
> > |
| 45 |
> > Ok, Matti, 0666 worked, now I can run screen as a user. Thanks. Do you think I have to try to run it 0660? Will it be less security risk? |
| 46 |
> |
| 47 |
> Well 0666 = 666. The reason it now worked is because you logged out and then back in. This is becaus login program only reads the /etc/login.defs-file when you login. |
| 48 |
> |
| 49 |
I pretty much sure that I logged out and logged in back after setting to 666 and it didn't work, but setting to 0666 has worked. Strange. |
| 50 |
|
| 51 |
> With mode 0666 every user on your computer can read everything (every character) you have in your screen (so not much privacy). If you set: |
| 52 |
> |
| 53 |
> TTYGROUP utmp |
| 54 |
> TTYPERM 0660 |
| 55 |
> |
| 56 |
> And have: |
| 57 |
> |
| 58 |
> -rwxr-sr-x root utmp /usr/bin/screen |
| 59 |
> |
| 60 |
> Everything will also work and you have more privacy. |
| 61 |
|
| 62 |
I'll be the only user on this system. So I guess I can leave it as it is. |
| 63 |
|
| 64 |
> |
| 65 |
> When /bin/login us run it changes ownership of the tty to the user who logs in. Su -l does not do this. That is why the screen doesn't work. ConsoleKit is the program that is responsible for many of these permission changes. Do you have that installed? |
| 66 |
|
| 67 |
I think ConsoleKit was installed when I emerged screen, but I am not sure. |
| 68 |
> |
| 69 |
> -- |
| 70 |
> -Matti |
| 71 |
> |
| 72 |
> |
| 73 |
> |
| 74 |
> |
| 75 |
|
| 76 |
|
| 77 |
-- |
| 78 |
German <gentgerman@×××××.com> |
Archives