screen-users
Re: Using screen's su command to attach to somebody else's lost session


From: Tim Neto
Subject: Re: Using screen's su command to attach to somebody else's lost session
Date: Fri, 22 Sep 2006 09:25:20 -0400
User-agent: Thunderbird 1.5.0.7 (Windows/20060909)

Hello Wayne,

You as IT (root) can do this. If the supervisor knows the employee's password (security risk), the supervisor could su to become the employee.

I use the following script to "mirror" user sessions, while I'm running as root. You might be able to use something like it.

Script:
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
#!/bin/ksh
#
# Script used to mirror Systematic (screen) users.
#
# Command line options: -k == Terminate all screen mirror sessions.
#
# Terminate the currently mirrored session.
#
CMD=`basename "$0"`
CMD="$CMD $*"
KILL_MIRROR="N"
MUser=""

# Prompt for the user account to mirror.
get_user()
{
    echo " "
    echo "Enter user to mirror."
    read MUser
}

# Print usage information and exit.
usage_info()
{
    clear
    echo "Your command was: $CMD"
    echo " "
    echo " "
    echo "Systematic mirroring utility - mirror."
    echo " "
    echo "Usage: mirror [-k] user "
    echo " "
    echo " -k == Kill the mirror of the user specified."
    echo " user == The user account to mirror."
    echo " "
    echo "If only the '-k' option is given, you will be prompted"
    echo " for a user log on ID for which the mirror is to end."
    echo " "
    echo "Examples: mirror johndoe"
    echo " mirror -k johndoe"
    echo " "
    exit
}
#
# Parse the command line.
#
if [ $# -ge 1 ]
then
    if [ $# -eq 1 ]
    then
        if [ "$1" = "-k" ]
        then
            KILL_MIRROR="Y"
            get_user
        else
            MUser="$1"
        fi
    fi
    if [ $# -eq 2 ]
    then
        if [ "$1" = "-k" ]
        then
            KILL_MIRROR="Y"
            MUser="$2"
        else
            usage_info
        fi
    fi
    if [ $# -gt 2 ]
    then
        usage_info
    fi
fi

if [ "$KILL_MIRROR" = "Y" ]
then
    # An empty name would make grep match every "screen -x" process.
    if [ -z "$MUser" ]
    then
        usage_info
    fi
    KILL_PID=`ps -ef | grep "$MUser" | grep "screen -x" | awk '{if($8 == "screen")print $2}'`
    if [ -z "$KILL_PID" ]
    then
        echo " "
        echo "User, $MUser, is currently not mirrored."
        echo " "
        exit
    else
        # Left unquoted on purpose: KILL_PID may hold several PIDs.
        kill $KILL_PID
        exit
    fi
fi
#
# As root, change the tty device so the user can attach a screen session to it.
#
if [ "$LOGIN" = "root" ]
then
    if [ -z "$MUser" ]
    then
        usage_info
    fi
    PTS=`ps -ef | grep $PPID | awk '{if($3 == Pid)printf"/dev/%s", $6}' Pid=$PPID`
    #
    UserIn=`who | grep "$MUser"`
    if [ -z "$UserIn" ]
    then
        echo " "
        echo " User: $MUser not signed on to the system."
        echo " "
        exit
    fi
    #
    # Ownership of $PTS is not restored when the mirror session ends.
    chown "$MUser" "$PTS"
    # Re-run this script as the user; it then takes the branch below.
    su "$MUser" "-c mirror"
    exit
else
    #
    # Attach to a requested screen session.
    #
    screen -wipe
    # x+0 prints 0 rather than an empty string when no session matches.
    NumOfScreens=`screen -ls | awk '{if($1 ~ /pts/) x++}END{print x+0}'`
    if [ "$NumOfScreens" -gt 1 ]
    then
        echo " "
        echo "Select one of the following screens"
        echo " "
        screen -ls | awk '{if($1 ~ /pts/){x++; printf"%d) %s\n", x, $0}}'
        echo " "
        ScreenNum=0
        while [ \( "$ScreenNum" -le 0 \) -o \( "$ScreenNum" -gt "$NumOfScreens" \) ]
        do
            read ScreenNum
        done
        SelScreen=`screen -ls | awk '{if($1 ~ /pts/){x++; if(x == ScreenNum)print $1}}' ScreenNum=$ScreenNum`
    else
        SelScreen=`screen -ls | awk '{if($1 ~ /pts/)print $1}'`
    fi
    #
    screen -x $SelScreen
    #
    exit
fi
exit
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

Good luck.

Tim

-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer         Komatsu Canada Limited
Ph#: 905-625-6292 x265            1725B Sismet Road
Fax: 905-625-6348                 Mississauga, Canada
E-Mail: address@hidden          L4W 1P9
-----------------------------------------------------------



Wayne Ivory wrote:

The company I work for uses a proprietary ERP system that the users connect to using a telnet client (Appgen). We also have forklift operators driving around using radio links via another telnet application. The ERP system uses a somewhat antiquated architecture and gets very sad about locked records if a user terminates a session either by dropping out of the radio link or just getting impatient because a report is taking too long and doing End-Task. In both cases a session can be left “attached” (theoretically speaking) but not in a manner that we can do anything about.

I’m investigating the use of screen to alleviate some of these problems (or at least alleviate the consequences).

   1. I modified a forklift driver’s .profile to do a screen -list and
      look for the word “Attached”. If it is found then it does a
      screen -x to attach to the dropped session, otherwise it runs
      screen and invokes the ERP system. This works ideally! Now
      thinking ahead, it’s possible that a forklift driver may go to
      lunch or even go home whilst he has a dropped session, so I
      would like his supervisor to be able to do the attach so I
      started checking out the add* commands. At the very least I’d
      like us IT people to be able to attach by logging in as root so
      I did this and tried invoking screen’s (not unix’s) su command.
      It prompted me for the user name and unix password and then
      prompted me for the screen password. I tried leaving it blank,
      entering the word none, entering the same password as the unix
      password, but in all cases screen replied with Sorry. How can
      root attach to a general user’s session?
   2. As a variation on the theme of the above case, when the forklift
      driver goes to lunch he may not log out. When he comes back if
      he is assigned to a different forklift that is not logged in
      then he will log in and his .profile as it stands will detect
      the “Attached” session and attach to it, but of course this will
      go multi-user on the live connection so when another driver
      jumps on the original forklift the two drivers will be fighting
      for control of the one session. How can I tell if an “Attached”
      session is the result of a dropped radio link or if it is live?

Thanks

Wayne Ivory

Senior Analyst Programmer

Electronic Business Development

Wespine Industries Pty Ltd

------------------------------------------------------------------------
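Added example, not part of Tim's post or his script: when a helper like the one above runs as root, the user name should be checked and matched against whole fields, because `who | grep name` and `ps -ef | grep name` also match longer login names and host names that merely contain it. The function names and the sample `who` / `ps -ef` output are constructed for illustration.

```shell
#!/bin/sh
# Exact-field matching for a root-run mirror helper (added illustration).
# Sample data is constructed, laid out like typical `who` and `ps -ef` output.

SAMPLE_WHO='rob      pts/3        Sep 22 09:01 (10.0.0.7)
robert   pts/4        Sep 22 09:05 (forklift-rob)
root     pts/0        Sep 22 08:55 (10.0.0.2)'

SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
rob       4101  4090  0 09:10 pts/5    00:00:00 screen -x 3990.pts-3.host
robert    4102  4091  0 09:11 pts/6    00:00:00 screen -x 3991.pts-4.host
root      4200  4190  0 09:12 pts/0    00:00:00 grep rob'

# Accept only names built from conventional login-name characters;
# reject empty input and anything that could be read as an option.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read `who` output on stdin; succeed only if field 1 equals the name.
is_logged_in() {
    awk -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# Read `ps -ef` output on stdin; print PIDs of "screen -x" processes
# owned by exactly this user (field 1), not by any name containing it.
mirror_pids() {
    awk -v u="$1" '$1 == u && $8 == "screen" && $9 == "-x" { print $2 }'
}
```

In a live script the calls would be `who | is_logged_in "$MUser"` and `ps -ef | mirror_pids "$MUser"`, after `valid_user "$MUser"` has passed.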
