Get “screen is terminating” without root

gnu-screenpermissions

I have installed screen on Fedora 19. When I test the command as root remotely through SSH, it works perfectly. For instance, if I enter screen a new terminal emulator is started and waits for commands. I can detach it, etc. However when I try to do the same once I am logged remotely through SSH as a standard user, the command terminates immediately. The only message I see is [screen is terminating].

Does someone have already had this problem? Is it related to bad permissions?

Update:

$ strace -e trace=file screen
execve("/usr/bin/screen", ["screen"], [/* 23 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libtinfo.so.5", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libutempter.so.0", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libcrypt.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libpam.so.0", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libfreebl3.so", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libaudit.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib/locale/UTF-8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
access("/home/steam/.nethackrc", F_OK)  = -1 ENOENT (No such file or directory)
readlink("/proc/self/fd/0", "/dev/pts/0", 4095) = 10
stat("/dev/pts/0", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
lstat("/dev/pts/0", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
open("/var/run/utmp", O_RDONLY)         = 3
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
open("/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
readlink("/proc/self/fd/0", "/dev/pts/0", 4095) = 10
stat("/dev/pts/0", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
stat("/dev/pts/0", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
lstat("/dev/pts/0", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
stat("/var/run/screen", {st_mode=S_IFDIR|0775, st_size=60, ...}) = 0
Directory '/var/run/screen' must have mode 777.
+++ exited with 1 +++

I have tried to change permissions to 777 but then when I execute screen, I get:

Directory '/var/run/screen' must have mode 775.

Therefore, I have reverted my changes.

Best Answer

The flip-flopping between "must have mode 777" and "must have mode 775" is caused by strace.

screen is usually a setuid or setgid program. It gains extra privileges when it is executed, which is uses to create socket files and/or modify utmp.

When a process is being traced, setuid and setgid are disabled. The tracing process, controlled by the less-privileged user, can take over the traced process so it must run without its extra privileges to avoid giving the original user too much power.

screen detects whether it is being run with setuid privileges, setgid privileges, or neither, and adjusts its expectation of the directory permissions accordingly.

So this creates a class of problems that can't be easily debugged with strace.

But if you're root, there is a workaround! If the tracing process is running as root, then the traced process can gain privileges normally. So here's what you do:

Open 2 new terminals
In the first terminal, log in to the remote machine as root
In the second terminal, log in to the remote machine as normal user
Use ps to get the PID of the normal user's shell process in the second terminal
In the first terminal, run strace -f -p SHELLPID
In the second terminal, run screen and watch it fail
In the first terminal, you now have the strace log you need to find out what's really wrong.

The key addition to the strace command is the -f option, which tells it to trace child processes. You need it to trace the screen that will be a child of the shell process you specified with -p.

I also like to use -ff and specify an output file with -o, as in

strace -ff -o /tmp/screentrace -p SHELLPID

which will create a separate output file for each child process. Afterward you read them with less /tmp/screentrace* and the result is usually cleaner than what you get using a single -f.

UPDATE

Now that I've seen the strace output, I don't know exactly what went wrong, but this line is the most surprising thing in the trace:

chown("/dev/pts/2", 1002, 5)            = -1 EPERM (Operation not permitted)

A few lines earlier, it created a pty, which was revealed by TIOCGPTN to be number 2.

open("/dev/ptmx", O_RDWR)               = 5
...
ioctl(5, TIOCGPTN, [2])                 = 0
stat("/dev/pts/2", {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 2), ...}) = 0

But it was unable to chown it. I don't know why that chown would fail, but the chown failure does give a plausible reason why screen gave up. You can get a little more information by adding -v to the strace options, and looking at the stat after the TIOCGPTN to see who owns the /dev/pts/ entry.

Related Solutions

Screen session running as root? (it shouldn’t be) node.js

Your system, once screen detaches, destroys the pts, and for some reason recreates it, if I understand correctly how udev is handling things on your system.

udev is the subsystem that controls the creation and destruction of devices in /dev, which is a dynamically generated filesystem. pts creation/destruction is handled by ptmx, which is used to create pseudo-terminal master/slave pairs. pts/* is the slave of the respective PTM, or pseudo-terminal master. As such, any permissions modifications that you see are a direct result of the destruction and creation of said device nodes, rather than modification. As for the date of the file, since the device nodes are clones, it's likely that the original used to create these nodes had a creation date of the time that you see in your ls output.

man ptmx -- Describes how ptmx creates new pts pseudo terminal device nodes.

What I don't understand is why there is a difference between how your system behaves versus how mine behaves with regard to /dev/pts/*. I do not experience perceived perms changes to devices; They either disappear entirely which is as it should be, or the perms do not change regardless of my actions (e.g., detaching screen, the device stays, and does not get destroyed/recreated.). Not only that, but the dates associated with my newly created pts/* devices are the current date.

One possibility is that the VPS you're using has something to do with this behavior. For example, I can't perform a dist-upgrade on my VPS, since the system they utilize only allows for one kernel version, the one they've hacked and put in place. The kind of restrictions that prevent you from updating your own kernel could also impact the functionality of other sub-systems. That's just speculation though, but it would make sense.

It could also just be a difference in how udev is configured.

Revision 3, with a lot of help from Gilles. ;)

GNU Screen – Prevent Session Termination Once Executed Script Ends

To keep screen busy after the script completes, just keep something persistent running in a window. The simplest choice for that "something" is probably an interactive shell. Here's one way to do it (assuming bash as the choice of interactive shell):

screen -dmS session_name sh -c '/share/Sys/autorun/start_udp_listeners.sh; exec bash'

-dm: starts screen in detached mode
-S: sets session name for screen for easier retrieval later on
sh -c '...': instead of simply running your script, which will terminate, use sh -c to run multiple commands
exec bash: after the script terminates, the sh from above will switch over to an interactive shell (bash), which should never exit until something external terminates it. This will keep screen open as long as the bash instance is alive.

Best Answer

Related Solutions

Screen session running as root? (it shouldn’t be) node.js

GNU Screen – Prevent Session Termination Once Executed Script Ends

Related Question