[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: screen



Nori Heikkinen wrote:
> the sysadmins for the server i help maintain are debating installing
> screen, and our policy on letting users download and compile it for
> their own use.  are there current security risks or bugs that we would
> be running, were we to do this?  what's the general feeling on screen
> on multi-user (~1500) systems?

The 'screen' program is nothing more than a terminal session manager.
If you let users log into the system why wouldn't you let them run
screen?  I don't even understand why there would be a concern.  Please
educate me.

Are you worried that they will leave something running and then log
out leaving it running in screen?  Perhaps you should investigate
'autolog' to clean those up.  Also, periodic reboots tend to log
people out too.  :-)

> also, is there a way to allow the virtual terminal functionality of
> screen without allowing unlimited, unmonitored processes?  nohup is
> fine for running unmonitored processes, but not for the former
> functionality.

Once you have given shell access to someone they can run commands.  If
they can run commands then they can run commands.  If you are
concerned about that then you probably should not give them shell
access.  The biggest problem here "back in the day" was trojan horse
login spoofing programs to snag people's logins.

You said "monitored processes".  By what method are you monitoring
them?

Bob

Attachment: pgpobJvPi2htx.pgp
Description: PGP signature


Reply to: