Running "screen" as soon as you log in to an account

Screen is a really nice facility for being able to leave a session running while you log out of a machine, and then be able to log back in again later and see what's happened in your absence, with any applications etc still running inside screen.

It's also a great method for running a shared login session, where two (or more) people can log in to a machine, and then share a session where anyone can type commands, and everyone sees the output. This is really useful for running tech support sessions, where you need help from someone else, or are providing support to someone else, and you want both you and the other person to see (and maybe control) what's going on. You can SSH from the shared screen session to another machine (which you don't want to, or may not be able to, set up shared access on), and everyone can still see what's being run on that remote machine.

So long as you trust the other person not to do anything in their login session outside of screen, then you can just get them to log in and then run "screen" as a command, but sometimes it's nice to ensure that screen runs immediately on login, and that as soon as you exit screen, you get logged out, so that screen is the only thing anyone logging in can use (of course, inside screen, anyone can run any shell command completely as normal, but at least this ensures that people can't log in to the account and do things in a way which isn't visible to someone else who's already logged in).

So, here's a way to do that.

  1. Create a normal login account using /bin/bash as the login shell (specified in /etc/passwd)
  2. Create (or edit) .bash_login to contain:
    /usr/bin/screen -r $USER/ || /usr/bin/screen
    logout
  3. Create (or edit) .screenrc to contain:
    startup_message off
    maxwin 1

When you first SSH into the account the command /usr/bin/screen -r $USER/ will fail, because there is no session to re-attach to, therefore .bash_login will run the command /usr/bin/screen instead. This will create a session which future logins can attach to (note: provided that /usr/bin/screen is setuid).

Provided you don't log out of this first session, future logins will now attach to the same session, so everyone logging in as this user will see the same display and be able to type commands.

Anyone who uses Ctrl-A D to detach from the session will get logged out of the machine, but the session will remain active (even if that person was the only one logged into it at the time). Other currently logged-in users will not be affected, and any commands will continue running.

If anyone exits the screen session with exit then everyone will get thrown out of the screen session and logged out of the machine.

Finally, the maxwin 1 setting prevents anyone from logging in and then creating a new window (which is not visible to anyone else logged in unless they deliberately switch to it; there is no indication that it has been created), with the possibility for running "private" commands that nobody else sees.

Separate sessions for connections from different locations

Maybe you want to enable several people at different locations to be able to log in to a single account, but each have their own screen session, independent of the others, but able to be returned to when the user logs in again from the same location as previously.

Here's how:

.bash_login should contain:

/usr/bin/screen -r ${SSH_CLIENT%% *} || /usr/bin/screen -S ${SSH_CLIENT%% *}
logout

That then identifies the screen session by the IP address from which the user is connecting. Anyone connecting (as the same user) from a different IP address will get their own session.

If you detach (with Ctrl-A D) and then reconnect some other time from the same IP address, you'll get back into the same session where you left off. Meanwhile all the other users (ie: all the other people logged in as the same user but from different addresses) are unaffected and can detach and reconnect whenever they wish.

Running only one application

As an extension to the above, you might want the user only to run one particular application when they log in, but still be able to detach and re-attach later without exiting that application.

To do that, change .bash_login so that it reads:

/usr/bin/screen -r $USER/ || /usr/bin/screen application args
logout

Replace application and args with the command-line you want to the user to be running when they get into screen.

An example I have used this for is to enable people to play a text adventure game over SSH, so .bash_login reads:

/usr/bin/screen -r $USER/ || /usr/bin/screen frotz hex.z5
logout

When the user first connects, they start the game. If they quit the game, they get logged out. If they suspend screen with Ctrl-A D, they get logged out but the game is still playable from the point they left off, next time they log in.

If you want multiple people to be able to log in and play the game independently of each other, you can combine this with the "Separate sessions for connections from different locations" trick above, so that each person logging in from their own IP address gets a separate session running the game:

/usr/bin/screen -r ${SSH_CLIENT%% *} || /usr/bin/screen -S ${SSH_CLIENT%% *} frotz hex.z5
logout

The only thing I can see going wrong with this is when two users try to save the game stateā€¦


Go up
Return to main index.