Bug 98320
Summary: | Screen's socket directory inherits stickybit | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Ben Woodard <woodard> |
Component: | screen | Assignee: | Lon Hohberger <lhh> |
Status: | CLOSED RAWHIDE | QA Contact: | Brock Organ <borgan> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 9 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2003-07-10 19:56:18 UTC | Type: | --- |
Description
Ben Woodard
2003-07-01 00:13:51 UTC
From: Ryan Braby <braby1>
To: Ben Woodard <bwoodard>
Cc: Michael J. Miller Jr. <miller87>, woodard9
Subject: Re: Bug Report (screen)
Date: Mon, 30 Jun 2003 17:43:06 -0700

Hi Ben,

I took a look at the bugzilla report, and think it should be mentioned that as well as having screen work for multiple users, we would also prefer it to operate in a mode that does not require directories or files to have global read/write permissions. Thus, why Mike mentioned possibly using $HOME/.screen/. Of course, another option would be to have it use $TMPDIR/uscreens/ (we set $TMPDIR to include the userid for users) or something along those lines.

-Ryan

```c
/*
 * Define SOCKDIR to be the directory to contain the named sockets
 * screen creates. This should be in a common subdirectory, such as
 * /usr/local or /tmp. It makes things a little more secure if you
 * choose a directory which is not writable by everyone or where the
 * "sticky" bit is on, but this isn't required.
 * If SOCKDIR is not defined screen will put the named sockets in
 * the user's home directory. Notice that this can cause you problems
 * if some user's HOME directories are AFS- or NFS-mounted. Especially
 * AFS is unlikely to support named sockets.
 *
 * Screen will name the subdirectories "S-$USER" (e.g /tmp/S-davison).
 */
#undef SOCKDIR
```

Oddly enough, I see a changelog from 1999 by one of our engineers which claims to have done exactly what I am doing. I wonder where that functionality went...

I'm disabling the global screen-session directory; screen will use $HOME/.screen

Correction... screen will do the following:

- Try to open a UNIX domain socket in $HOME/.screen/<socket>
- If successful, it will use $HOME/.screen as the socket directory.
- If unsuccessful, it will use /tmp/screen-<user>

This is the middle path: /tmp/screens isn't created by a specific user's screen process, and in most cases (ie, whenever $HOME/.screen is a directory on any file system which supports UNIX domain sockets), we use that - making it more secure in most cases. For instance, old versions of NFS do not support sockets, nor does AFS. We also don't need to worry about /tmp/screens getting removed periodically (thus needing to be re-created).

http://people.redhat.com/lhh/screen-3.9.15-9.i386.rpm
http://people.redhat.com/lhh/screen-3.9.15-9.src.rpm

That should do it.
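
The selection order described in the last comment, sketched in C as an added example; it is not code from screen or from the Red Hat package. All function names and the `tmp` parameter are hypothetical, and the sketch goes beyond the thread by also requiring that the chosen directory is owned by the caller with mode exactly 0700, so no sticky or setgid bit and no group or world access.

```c
#define _POSIX_C_SOURCE 200809L  /* added example; all function names are hypothetical, not screen's */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* 1 if path is a real directory (lstat, so not a symlink), owned by us, with
 * mode exactly 0700: no group/other access, no sticky or setgid bit. */
int dir_is_private(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    return st.st_uid == geteuid() && (st.st_mode & 07777) == 0700;
}

/* 1 if a UNIX domain socket can be bound in dir (fails on AFS, old NFS). */
int dir_supports_sockets(const char *dir) {
    struct sockaddr_un sa;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    int n = snprintf(sa.sun_path, sizeof sa.sun_path, "%s/.probe-%ld", dir, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof sa.sun_path) return 0;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return 0;
    int ok = bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0;
    close(fd);
    if (ok) unlink(sa.sun_path);
    return ok;
}

/* Create dir if missing. Mode is reset only on a directory we just created;
 * an existing one is verified, never repaired. */
int sockdir_usable(const char *dir) {
    if (mkdir(dir, 0700) == 0) {
        if (chmod(dir, 0700) != 0) return 0;  /* drop inherited mode bits */
    } else if (errno != EEXIST) {
        return 0;
    }
    return dir_is_private(dir) && dir_supports_sockets(dir);
}

/* Order from the thread: $HOME/.screen, else <tmp>/screen-<user>.
 * Returns 0 with the path in out, or -1 if neither is acceptable. */
int choose_sockdir(const char *home, const char *tmp, const char *user, char *out, size_t len) {
    if ((size_t)snprintf(out, len, "%s/.screen", home) < len && sockdir_usable(out)) return 0;
    if ((size_t)snprintf(out, len, "%s/screen-%s", tmp, user) < len && sockdir_usable(out)) return 0;
    return -1;
}
```

A pre-existing directory that fails the ownership or mode check is skipped rather than fixed up, which is why a loosened `$HOME/.screen` causes the fallback path to be chosen.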