Nori Heikkinen wrote:
> the sysadmins for the server i help maintain are debating installing
> screen, and our policy on letting users download and compile it for
> their own use. are there current security risks or bugs that we would
> be running, were we to do this? what's the general feeling on screen
> on multi-user (~1500) systems?

The 'screen' program is nothing more than a terminal session manager. If you let users log into the system why wouldn't you let them run screen? I don't even understand why there would be a concern. Please educate me.

Are you worried that they will leave something running and then log out leaving it running in screen? Perhaps you should investigate 'autolog' to clean those up. Also, periodic reboots tend to log people out too. :-)

> also, is there a way to allow the virtual terminal functionality of
> screen without allowing unlimited, unmonitored processes? nohup is
> fine for running unmonitored processes, but not for the former
> functionality.

Once you have given shell access to someone they can run commands. If they can run commands then they can run commands. If you are concerned about that then you probably should not give them shell access. The biggest problem here "back in the day" was trojan horse login spoofing programs to snag people's logins.

You said "monitored processes". By what method are you monitoring them?

Bob