Re: Using screen's su command to attach to somebody else's lost session
From: Tim Neto
Subject: Re: Using screen's su command to attach to somebody else's lost session
Date: Fri, 22 Sep 2006 09:25:20 -0400
User-agent: Thunderbird 1.5.0.7 (Windows/20060909)
Hello Wayne,
You as IT (root) can do this. If the supervisor knows the employee's
password (security risk), the supervisor could su to become the employee.
I use the following script to "mirror" user sessions, while I'm running
as root. You might be able to use something like it.
Script:
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
--- --- --- --- --- --- --- --- --- --- --- --- --- ---
#!/bin/ksh
#
# Script used to mirror Systematic (screen) users.
#
# Command line options: -k == Terminate all screen mirror sessions.
#
# Terminate the currently mirrored session.
#
CMD="$(basename "$0") $*"
KILL_MIRROR="N"
MUser=""

# Prompt for the login name (used when only -k is given).
get_user()
{
    echo " "
    echo "Enter user to mirror."
    read MUser
}

# Print the usage text and exit.
usage_info()
{
    clear
    echo "Your command was: $CMD"
    echo " "
    echo " "
    echo "Systematic mirroring utility - mirror."
    echo " "
    echo "Usage: mirror [-k] user "
    echo " "
    echo " -k == Kill the mirror of the user specified."
    echo " user == The user account to mirror."
    echo " "
    echo "If only the '-k' option is given, you will be prompted"
    echo " for a user log on ID for which the mirror is to end."
    echo " "
    echo "Examples: mirror johndoe"
    echo " mirror -k johndoe"
    echo " "
    exit
}
#
# Parse the command line: "user", "-k" or "-k user".
#
if [ $# -ge 1 ]
then
    if [ $# -eq 1 ]
    then
        if [ "$1" = "-k" ]
        then
            KILL_MIRROR="Y"
            get_user
        else
            MUser="$1"
        fi
    fi
    if [ $# -eq 2 ]
    then
        if [ "$1" = "-k" ]
        then
            KILL_MIRROR="Y"
            MUser="$2"
        else
            usage_info
        fi
    fi
    if [ $# -gt 2 ]
    then
        usage_info
    fi
fi
if [ "$KILL_MIRROR" = "Y" ]
then
    # PIDs of "screen -x" processes whose ps line mentions the user.
    # grep matches substrings, so "bob" also matches "bobby".
    KILL_PID=`ps -ef | grep -- "$MUser" | grep "screen -x" | awk '{if($8 == "screen")print $2}'`
    if [ -z "$KILL_PID" ]
    then
        echo " "
        echo "User, $MUser, is currently not mirrored."
        echo " "
        exit
    else
        # Left unquoted on purpose: there may be several PIDs.
        kill $KILL_PID
        exit
    fi
fi
#
# As root, change the tty device so the user can attach a screen session to it.
#
if [ "$LOGIN" = "root" ]
then
    if [ -z "$MUser" ]
    then
        usage_info
    fi
    # Terminal of this script: the ps line whose parent PID is $PPID, tty in column 6.
    PTS=`ps -ef | grep "$PPID" | awk '{if($3 == Pid)printf"/dev/%s", $6}' Pid=$PPID`
    #
    UserIn=`who | grep -- "$MUser"`
    if [ -z "$UserIn" ]
    then
        echo " "
        echo " User: $MUser not signed on to the system."
        echo " "
        exit
    fi
    #
    # Hand root's terminal to the user, then re-run this script as that user.
    # The ownership of the terminal is not changed back afterwards.
    chown "$MUser" "$PTS"
    su "$MUser" "-c mirror"
    exit
else
    #
    # Attach to a requested screen session.
    #
    screen -wipe
    # x+0 prints 0 instead of an empty string when no session matches.
    NumOfScreens=`screen -ls | awk '{if($1 ~ /pts/) x++}END{print x+0}'`
    if [ "$NumOfScreens" -gt 1 ]
    then
        echo " "
        echo "Select one of the following screens"
        echo " "
        screen -ls | awk '{if($1 ~ /pts/){x++; printf"%d) %s\n", x, $0}}'
        echo " "
        ScreenNum=0
        while [ \( $ScreenNum -le 0 \) -o \( $ScreenNum -gt $NumOfScreens \) ]
        do
            read ScreenNum
        done
        SelScreen=`screen -ls | awk '{if($1 ~ /pts/){x++; if(x == ScreenNum)print $1}}' ScreenNum=$ScreenNum`
    else
        SelScreen=`screen -ls | awk '{if($1 ~ /pts/)print $1}'`
    fi
    #
    # Left unquoted so that an empty selection falls back to plain "screen -x".
    screen -x $SelScreen
    #
    exit
fi
exit
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
--- --- --- --- --- --- --- --- --- --- --- --- --- ---
Good luck.
Tim
-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer Komatsu Canada Limited
Ph#: 905-625-6292 x265 1725B Sismet Road
Fax: 905-625-6348 Mississauga, Canada
E-Mail: address@hidden L4W 1P9
-----------------------------------------------------------
Wayne Ivory wrote:
The company I work for uses a proprietary ERP system that the users
connect to using a telnet client (Appgen). We also have forklift
operators driving around using radio links via another telnet
application. The ERP system uses a somewhat antiquated architecture
and gets very sad about locked records if a user terminates a session
either by dropping out of the radio link or just getting impatient
because a report is taking too long and doing End-Task. In both
cases a session can be left “attached” (theoretically speaking) but
not in a manner that we can do anything about.
I’m investigating the use of screen to alleviate some of these
problems (or at least alleviate the consequences).
1. I modified a forklift driver’s .profile to do a screen -list and
look for the word “Attached”. If it is found then it does a
screen -x to attach to the dropped session, otherwise it runs
screen and invokes the ERP system. This works ideally! Now
thinking ahead, it’s possible that a forklift driver may go to
lunch or even go home whilst he has a dropped session, so I
would like his supervisor to be able to do the attach so I
started checking out the add* commands. At the very least I’d
like us IT people to be able to attach by logging in as root so
I did this and tried invoking screen’s (not unix’s) su command.
It prompted me for the user name and unix password and then
prompted me for the screen password. I tried leaving it blank,
entering the word none, entering the same password as the unix
password, but in all cases screen replied with Sorry. How can
root attach to a general user’s session?
2. As a variation on the theme of the above case, when the forklift
driver goes to lunch he may not log out. When he comes back if
he is assigned to a different forklift that is not logged in
then he will log in and his .profile as it stands will detect
the “Attached” session and attach to it, but of course this will
go multi-user on the live connection so when another driver
jumps on the original forklift the two drivers will be fighting
for control of the one session. How can I tell if an “Attached”
session is the result of a dropped radio link or if it is live?
Thanks
Wayne Ivory
Senior Analyst Programmer
Electronic Business Development
Wespine Industries Pty Ltd
------------------------------------------------------------------------
_______________________________________________
screen-users mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/screen-users
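Added example, not part of the posted script or of the thread: because the mirror script runs as root and passes the typed user name to grep, chown and su, this sketch validates the name first and selects "screen -x" processes by exact owner instead of by substring. The function names valid_user, mirror_pids and demo, and the sample ps -ef lines, are constructed for illustration and assume the column layout the posted script relies on (owner in column 1, PID in column 2, command in column 8).

```shell
#!/bin/sh
# Added example: safer building blocks for a root-run "mirror" helper.

# valid_user NAME: accept only a conservative login-name pattern, so the
# value can never be read as an option (leading '-') or as a pattern.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# mirror_pids NAME: read "ps -ef" output on stdin and print the PIDs of
# processes owned by exactly NAME whose command line is "screen -x ...".
mirror_pids() {
    valid_user "$1" || return 2
    awk -v u="$1" '$1 == u && $8 == "screen" && $9 == "-x" { print $2 }'
}

# Constructed sample of "ps -ef" output (not captured from a real system).
# A pipeline of grep "bob" | grep "screen -x" would select both 4101 and
# 4202 here, i.e. it would also hit the mirror that belongs to "bobby".
SAMPLE_PS='UID PID PPID C STIME TTY TIME CMD
bob 4101 4000 0 09:01 pts/3 00:00:00 screen -x 3990.pts-3.host
bobby 4202 4100 0 09:02 pts/4 00:00:00 screen -x 4150.pts-4.host
bob 4303 4000 0 09:03 pts/3 00:00:00 vi notes-screen -x.txt
root 4404 1 0 09:04 pts/9 00:00:00 grep bob'

# demo NAME: run mirror_pids over the constructed sample.
demo() {
    printf '%s\n' "$SAMPLE_PS" | mirror_pids "$1"
}

demo bob    # prints 4101
```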