====== Running "screen" as soon as you log in to an account ======
[[https://www.gnu.org/software/screen/|Screen]] is a really nice facility for being able to leave a session running while you log out of a machine, and then be able to log back in again later and see what's happened in your absence, with any applications etc still running inside screen.
It's also a great method for running a shared login session, where two (or more) people can log in to a machine, and then share a session where anyone can type commands, and everyone sees the output. This is really useful for running tech support sessions, where you need help from someone else, or are providing support to someone else, and you want both you and the other person to see (and maybe control) what's going on. You can SSH from the shared screen session to another machine (which you don't want to, or may not be able to, set up shared access on), and everyone can still see what's being run on that remote machine.
So long as you trust the other person not to do anything in their login session __outside__ of screen, then you can just get them to log in and then run "screen" as a command, but sometimes it's nice to ensure that screen runs immediately on login, and that as soon as you exit screen, you get logged out, so that screen is the only thing anyone logging in can use (of course, inside screen, anyone can run any shell command completely as normal, but at least this ensures that people can't log in to the account and do things in a way which isn't visible to someone else who's already logged in).
So, here's a way to do that.
- Create a normal login account using /bin/bash as the login shell (specified in /etc/passwd)
- Create (or edit) **.bash_login** to contain:/usr/bin/screen -r $USER/ || /usr/bin/screen
logout
- Create (or edit) **.screenrc** to contain:startup_message off
maxwin 1
When you first SSH into the account the command **/usr/bin/screen -r $USER/** will fail, because there is no session to re-attach to, therefore .bash_login will run the command **/usr/bin/screen** instead. This will create a session which future logins can attach to (note: provided that /usr/bin/screen is setuid).
Provided you don't log out of this first session, future logins will now attach to the same session, so everyone logging in as this user will see the same display and be able to type commands.
Anyone who uses **Ctrl-A D** to detach from the session will get logged out of the machine, but the session will remain active (even if that person was the only one logged into it at the time). Other currently logged-in users will not be affected, and any commands will continue running.
If anyone exits the screen session with **exit** then everyone will get thrown out of the screen session and logged out of the machine.
Finally, the **maxwin 1** setting prevents anyone from logging in and then creating a new window (which is not visible to anyone else logged in unless they deliberately switch to it; there is no indication that it has been created), with the possibility for running "private" commands that nobody else sees.
===== Separate sessions for connections from different locations =====
Maybe you want to enable several people at different locations to be able to log in to a single account, but each have their own screen session, independent of the others, but able to be returned to when the user logs in again from the same location as previously.
Here's how:
**.bash_login** should contain:/usr/bin/screen -r ${SSH_CLIENT%% *} || /usr/bin/screen -S ${SSH_CLIENT%% *}
logout
That then identifies the screen session by the IP address from which the user is connecting. Anyone connecting (as the same user) from a different IP address will get their own session.
If you detach (with Ctrl-A D) and then reconnect some other time from the same IP address, you'll get back into the same session where you left off. Meanwhile all the other users (ie: all the other people logged in as the same user but from different addresses) are unaffected and can detach and reconnect whenever __they__ wish.
===== Running only one application =====
As an extension to the above, you might want the user only to run one particular application when they log in, but still be able to detach and re-attach later without exiting that application.
To do that, change **.bash_login** so that it reads:/usr/bin/screen -r $USER/ || /usr/bin/screen application args
logout
Replace **application** and **args** with the command-line you want to the user to be running when they get into **screen**.
An example I have used this for is to enable people to play [[miscellaneous:games:hex|a text adventure game]] over SSH, so **.bash_login** reads:/usr/bin/screen -r $USER/ || /usr/bin/screen frotz hex.z5
logout
When the user first connects, they start the game. If they quit the game, they get logged out. If they suspend screen with **Ctrl-A D**, they get logged out but the game is still playable from the point they left off, next time they log in.
If you want multiple people to be able to log in and play the game independently of each other, you can combine this with the "Separate sessions for connections from different locations" trick above, so that each person logging in from their own IP address gets a separate session running the game:/usr/bin/screen -r ${SSH_CLIENT%% *} || /usr/bin/screen -S ${SSH_CLIENT%% *} frotz hex.z5
logout
The only thing I can see going wrong with this is when two users try to save the game state...
----
[[.:|Go up]]\\
Return to [[:|main index]].