screen and Environment Variables
By default, screen passes along to its shells (and other processes) whatever environment variables it had when the session was started (i.e. reconnecting does not change which environment variables are given to new shells). But because both screen and shells' configuration files commonly change environment variables, there are many places where unexpected changes can be introduced. There are a few variables, like TERM, that screen it almost always changes, but these are generally required for the functionality that screen provides.
Let's say that neither your shell's configuration, nor screen's configuration will modify a variable named FOOBAR (fairly likely, all in all). If you start a session with FOOBAR=foo screen
, then all the shells created in that session will have an environment variable named FOOBAR with a value of foo
.
Things get more complicated for variables that either screen or your shell might modify.
Missing Settings When Using screen
Login Shells
If you find that some settings are missing in shells started by screen, it may be because your shell is configured only to update those settings for ‘login’ shells. Most shells understand a special convention (in C: **argv == '-'
) that screen can be configured to use.
Per the screen documentation:
shell command
Set the command to be used to create a new shell. This overrides the
value of the environment variable $SHELL. This is useful if you'd like
to run a tty-enhancer which is expecting to execute the program speci-
fied in $SHELL. If the command begins with a '-' character, the shell
will be started as a login-shell.
To have screen start shells as ‘login’ shells, start screen with screen -s -/bin/bash
, or add this line to your .screenrc
:
shell -/bin/bash
Adjust for the path to whatever shell you happen to be using.
screen Configuration
Missing or reset environment variables could also be due to setenv
and unsetenv
commands in a screen configuration file. You will have to check both the .screenrc in your home directory and whichever file your compilation of screen is using as the ‘system screenrc’ (you might try a command like strings "$(which screen)" | fgrep -i screenrc
to find the pathname that was configured at compile time–it is usually /etc/screenrc for a system-installed screen; add-on installations will probably use some other pathname). You can use SCREENRC=/dev/null SYSSCREENRC=/dev/null screen
to temporarily avoid these settings files, but there is a compile-time option that prevents the effective use of SYSSCREENRC (presumably so that system administrators can force some bit of initial configuration).
Duplicate Settings When Using screen
It is fairly common to add items to an environment variable like PATH in a shell's configuration file(s) so that the updated value is available to normal shell sessions (e.g. xterm or other terminal windows, console sessions, etc.). If such items are added in a shell's per-shell configuration (or, if you are using the -/path/to/shell
setting described above, in the shells per-login configuration) then the shell started by screen will likely have multiple copies of the added items.
One strategy to avoid this is to put all additions to variables like PATH in the per-login configuration of your shell and avoid using the -/path/to/shell
shell setting with screen.
Another strategy is to only conditionally add the new items to the variable. Depending on the shell, the code to do this can be a bit complicated, but it can usually be encapsulated in a shell function for easy use.
Yet another strategy is to always start with a fixed value in your configuration files. This can sometimes cause problems when moving your configuration files from system to system when the default values might vary significantly.
Diagnostics
If you can not directly spot where a particular modification is happening, you can try the following to track down where the change is happening.
Check the current value in your initial shell:
echo "$PATH"
Check how the shell itself modifies the value when a sub-shell is created:
/bin/bash -c 'echo "$PATH"'
Check how the shell modifies the value when a ‘login’ sub-shell is created:
perl -e '$s=shift;exec {$s} "-$s", @ARGV or die "unable to start shell"' /bin/bash
echo "$PATH"
exit
Check how screen modifies the value:
printf '#!/bin/sh\nl=/tmp/echo-var.log;rm -f "$l"; echo $PATH >"$l"' >/tmp/echo-var &&
chmod a+x /tmp/echo-var &&
screen -s /tmp/echo-var &&
cat /tmp/echo-var.log
Best Answer
screen
doesn't unset the environment variable; it is removed by Linux itself.On most systems, the
/usr/bin/screen
executable is installed with the setgid bit forutmp
group, in order to be able to modify theutmp
database. It also uses setgid to control access to the socket directory (/var/run/screen/
).On Linux, when a setuid (or setgid) program is ran, it does not receive certain environment variables (including
LD_LIBRARY_PATH
, several otherLD_*
variables, andHOSTALIASES
), in order to reduce the possible attack points: Otherwise you could write a small library and tricksu
orsudo
into calling your "improved" functions that way.You can remove the setgid bit from
screen
, but you will have to make the socket directory fully accessible by everyone (mode 0777). It shouldn't be a security risk, though, asscreen
also checks the attacher's UID itself.However, you should not make the
utmp
database world-writable.