On Tue, 17 Mar 2015 22:14:03 +0200
Matti Nykyri <matti.nykyri@×××.fi> wrote:

> > On Mar 17, 2015, at 21:52, German <gentgerman@×××××.com> wrote:
> >
> > On Tue, 17 Mar 2015 20:39:46 +0200
> > Matti Nykyri <matti.nykyri@×××.fi> wrote:
> >
> >>> On Mar 17, 2015, at 19:33, German <gentgerman@×××××.com> wrote:
> >>>
> >>> On Tue, 17 Mar 2015 19:16:42 +0200
> >>> Matti Nykyri <matti.nykyri@×××.fi> wrote:
> >>>
> >>>>>> On Mar 17, 2015, at 18:11, German <gentgerman@×××××.com> wrote:
> >>>>>>
> >>>>>> Don't hit your head against a brick wall. A small strace of the login process reveals that login sets things as you tell it to in /etc/login.defs
> >>>>>>
> >>>>>> In this file change the line:
> >>>>>> TTYPERM 0600
> >>>>>> To:
> >>>>>> TTYPERM 0620
> >>>>>>
> >>>>>> And your problem is fixed.
> >>>>>
> >>>>> Sorry, this didn't fix it
> >>>>
> >>>> Yes. Sorry. The mode was wrong:
> >>>>
> >>>> TTYPERM 660
> >>>>
> >>>> Will fix it, if your screen is setgid tty and ttyX is gid tty. If not then:
> >>>>
> >>>> TTYPERM 666
> >>>>
> >>>> Will fix it, but also your tty will be world readable. If you don't consider that too big a security risk, then just go
> >>>
> >>> Neither 660 nor 666 fixed it. Sorry :(
> >>
> >> If you have:
> >>
> >> TTYPERM 0666
> >>
> >> And log out and log in. What mode and ownership do you have on your tty (/dev/ttyX)?
> >
> > Ok, Matti, 0666 worked, now I can run screen as a user. Thanks. Do you think I have to try to run it 0660? Will it be less of a security risk?
>
> Well 0666 = 666. The reason it now worked is because you logged out and then back in. This is because the login program only reads the /etc/login.defs file when you log in.
>
I'm pretty much sure that I logged out and logged back in after setting to 666 and it didn't work, but setting to 0666 has worked. Strange.

> With mode 0666 every user on your computer can read everything (every character) you have in your screen (so not much privacy). If you set:
>
> TTYGROUP utmp
> TTYPERM 0660
>
> And have:
>
> -rwxr-sr-x root utmp /usr/bin/screen
>
> Everything will also work and you have more privacy.

I'll be the only user on this system. So I guess I can leave it as it is.

>
> When /bin/login is run it changes ownership of the tty to the user who logs in. su -l does not do this. That is why the screen doesn't work. ConsoleKit is the program that is responsible for many of these permission changes. Do you have that installed?

I think ConsoleKit was installed when I emerged screen, but I am not sure.
>
> --
> -Matti
>

--
German <gentgerman@×××××.com>
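
The check Matti asks for in the thread (mode and ownership of the tty, and whether screen is setgid), as an added shell example that is not part of the original messages. The function names are made up for illustration; /usr/bin/screen is the path quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: report who can reach a tty device
# node and whether a binary is setgid, using the `ls -ld` mode string.
# All function names here are illustrative.

# First field of `ls -ld`, e.g. "crw-rw----".
perm_string() {
    ls -ld -- "$1" | awk '{ print $1 }'
}

# Classify a mode string by its group/other read and write bits.
tty_exposure() {
    group=$(printf '%s' "$1" | cut -c5-6)
    other=$(printf '%s' "$1" | cut -c8-9)
    case "$other" in
        rw) echo world-read-write ;;
        r-) echo world-readable ;;
        -w) echo world-writable ;;
        *)  if [ "$group" = "--" ]; then echo owner-only
            else echo group-accessible; fi ;;
    esac
}

# True if the group-execute position carries the setgid flag (s or S).
is_setgid() {
    case "$(printf '%s' "$1" | cut -c7)" in
        s|S) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print mode, exposure and ownership of a tty, and the setgid state of screen.
audit() {
    p=$(perm_string "$1")
    echo "$1: $p ($(tty_exposure "$p"))"
    ls -ld -- "$1" | awk '{ print "  owner=" $3 " group=" $4 }'
    if is_setgid "$(perm_string "$2")"; then
        echo "  $2: setgid, group=$(ls -ld -- "$2" | awk '{ print $4 }')"
    else
        echo "  $2: not setgid"
    fi
}

# Run against the current terminal when attached to one.
if [ -t 0 ] && t=$(tty) && [ -e /usr/bin/screen ]; then
    audit "$t" /usr/bin/screen
fi
```

Run it after logging out and back in, since the thread notes that login applies /etc/login.defs only at login time.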