I recently needed to connect to an existing screen session owned by another user, and after a bit of struggling, I did find the solution. This is what I did.
- Check whether the setuid bit is set for the owner (root) on the screen binary.
On Arch Linux it is set by default, which is what we want. If it were set for group or others, it would be a security issue. To see which bit is set, execute:
$ LC_ALL=C getfacl /usr/bin/screen
getfacl: Removing leading '/' from absolute path names
# file: usr/bin/screen
# owner: root
# group: root
# flags: s--
user::rwx
group::r-x
other::r-x
As you can see in the “flags” line, the bit is set for the owner (root), which is fine. If it is not, and you want to set setuid for the owner only, do:
$ sudo chmod u+s /usr/bin/screen
$ sudo chmod g-s /usr/bin/screen
$ sudo chmod -t /usr/bin/screen
Or in a single line with:
$ sudo chmod 4755 /usr/bin/screen
Here the first digit (4) means the “owner” bit (setuid) is set to one and the “group” (setgid) and “sticky” bits are set to zero, following this logic:
owner  group  sticky  number
0      0      0       0
0      0      1       1
0      1      0       2
0      1      1       3
1      0      0       4
1      0      1       5
1      1      0       6
1      1      1       7
- User “A” starts the screen command
To identify the session easily, you can name it by doing:
userA@localhost$ screen -S sharedSession
Where sharedSession will be the name of the session we want to set.
- User “B” connects via ssh to the computer where user “A” started screen.
- User “A” has to allow user “B” to connect to the screen session by doing:
Ctrl + a :multiuser on
Ctrl + a :acladd userb
Where userb is the username of the user “B”.
- User “B” can now connect to the screen session shared by user “A” by doing:
$ screen -x usera/sharedSession
Where usera is the username of user “A” and sharedSession the shared session name.
If the user who shares the session is root and a non-root account tries to connect, you may need to make /var/run/screen/ writable by everyone (mode 777, which gives every local user write access to that directory). The system will let you know if that is the case:
# chmod 777 /var/run/screen
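
The check from the first step can be scripted. The following is an added example, not part of the original post: it decodes the leading octal digit according to the table above and reports whether a binary is in the state the post asks for (owned by root, setuid only). The function names, the constructed sample modes, the use of GNU stat and the extra group/other-writable check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a setuid binary's mode.

# decode_special MODE: print the three special bits encoded in the leading
# octal digit, using the post's column names (owner=setuid, group=setgid).
decode_special() {
    case $1 in ''|*[!0-7]*) echo "invalid mode: $1" >&2; return 2 ;; esac
    m=$((0$1))                 # leading 0 makes the shell read it as octal
    s=$(( (m >> 9) & 7 ))      # the digit in front of rwxrwxrwx
    echo "owner=$(( (s >> 2) & 1 )) group=$(( (s >> 1) & 1 )) sticky=$(( s & 1 ))"
}

# audit_mode OWNER MODE: return 0 only for the state the post asks for.
audit_mode() {
    bits=$(decode_special "$2") || return 2
    rc=0
    [ "$1" = root ] || { echo "FAIL: owner is $1, not root"; rc=1; }
    case $bits in
        owner=1*) ;;
        *) echo "FAIL: setuid (owner) bit not set"; rc=1 ;;
    esac
    case $bits in
        *group=1*) echo "FAIL: setgid (group) bit set"; rc=1 ;;
    esac
    case $bits in
        *sticky=1*) echo "FAIL: sticky bit set"; rc=1 ;;
    esac
    # Extra hardening check, not in the post: no group/other write access.
    [ $(( 0$2 & 022 )) -eq 0 ] || { echo "FAIL: writable by group or others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 $2 ($bits)"
    return "$rc"
}

# audit_file PATH: read owner and mode with GNU stat (assumed, as on Arch).
audit_file() {
    info=$(stat -c '%U %a' "$1") || return 2
    audit_mode "${info% *}" "${info##* }"
}

# Constructed sample states (owner and octal mode), not real measurements.
for sample in "root 4755" "root 755" "root 6755" "root 4775" "usera 4755"; do
    echo "== $sample"
    audit_mode $sample || true
done
```

To check the real binary, call `audit_file /usr/bin/screen` after the function definitions.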