After upgrading /var/run/screen lacks right permissions

Bug #871879 reported by Thomas Schweikle
18
This bug affects 4 people
Affects Status Importance Assigned to Milestone
screen (Debian)
Fix Released
Unknown
screen (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

- install byobu
- make byobu start right after login with byobu-config
- logout, then login again. Byobu will start as expected
- Upgrade from 11.04 to 11.10.
- login
- instead of byobu starting right by login in you'll be prompted with:
RSA host key for IP address '192.168.180.38' not in list of known hosts.
Directory '/var/run/screen' must have mode 775.
Directory '/var/run/screen' must have mode 775.
Directory '/var/run/screen' must have mode 775.

Since this bug is now known for about one year, could you please fix it? It is an issue with the package assuming wrong permissions 0775 while 0777 are necessary. The above error message is a false one too ...!

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: screen 4.0.3-14ubuntu8
ProcVersionSignature: Ubuntu 3.0.0-12.20-virtual 3.0.4
Uname: Linux 3.0.0-12-virtual x86_64
ApportVersion: 1.23-0ubuntu3
Architecture: amd64
Date: Mon Oct 10 18:17:39 2011
InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.2)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: screen
UpgradeStatus: Upgraded to oneiric on 2011-10-10 (0 days ago)
mtime.conffile..etc.init.screen.cleanup.conf: 2011-05-20T19:57:55.887851

Revision history for this message
Thomas Schweikle (tps) wrote :
Revision history for this message
Thomas Schweikle (tps) wrote :

The permissions shall better be set to 01777 on /var/run/screen. Allowing only the creator to remove the socket created per screen session. Otherwise it's quite easy to execute a denial of service attack localy: erase all sockets ...

Revision history for this message
Axel Beckert (xtaran) wrote :
Revision history for this message
Axel Beckert (xtaran) wrote :

Hi Thomas,

> Since this bug is now known for about one year, could you please fix it?

Just because a bug is known for a while does not mean, it's trivially to fix.

Revision history for this message
Dustin Kirkland  (kirkland) wrote : Re: [Bug 871879] Re: After upgrading /var/run/screen lacks right permissions

Hmm, I've tried to reproduce this bug, and I'm not able to.

I am able to login and automatically launch screen+byobu in Ubuntu
11.10, with my /var/run/screen/ directory permissions in the system
default:

drwxrwxr-x 3 root utmp 60 2011-10-10 12:53 /var/run/screen/

and the system default on /usr/bin/screen as well:

-rwxr-sr-x 1 root utmp 375984 2011-06-06 13:02 /usr/bin/screen*

I think you have something else going on there Thomas....

Changed in screen (Debian):
status: Unknown → Incomplete
Revision history for this message
Thomas Schweikle (tps) wrote :

On a new install it is working. On an old, upgraded system it is not (after upgrading).
I had to add an dpkg-statoverride to get rid of the error. On none of the systems affected there was a statoverride given for "/var/run/screen". No startup files where modified.

Revision history for this message
Thomas Schweikle (tps) wrote :

I could make the bug vanish by removing screen, purging all configuration files, searching for not removed files, deleting them by hand, removing all statoverrides, then reinstalling screen.
Looks a lot like something left over from an older version of screen playing with newer versions breaking them. Since all systems affected had different files to clean up I am not sure which one it was. Starting with user defined configurations and ending at /var/run/screen aka /run/screen (with latest installs).

It was related to https://bugs.launchpad.net/ubuntu/+source/screen/+bug/727741, at least for some of the mentioned errors.

Revision history for this message
Thomas Schweikle (tps) wrote :

The bug is again there:
Upgrade from Ubuntu 11.10 to 12.04 ...
After it is ready login:
> Directory '/var/run/screen' must have mode 777.
> Directory '/var/run/screen' must have mode 777.
> Directory '/var/run/screen' must have mode 777.
---

Versions:
ii byobu 5.6-0ubuntu1 powerful, text based window manager and shell multiplexer
ii screen 4.0.3-14ubuntu8 terminal multiplexor with VT100/ANSI terminal emulation
ii tmux 1.5-3 terminal multiplexer
---

/etc/init/screen-cleanup.conf:
# cat /etc/init/screen-cleanup.conf
# screen

description "GNU Screen Cleanup"
author "Dustin Kirkland <email address hidden>"

start on filesystem

task

script
        SCREENDIR=/var/run/screen
        if [ -L $SCREENDIR ] || [ ! -d $SCREENDIR ]; then
                rm -f $SCREENDIR
                mkdir $SCREENDIR
                chown root:utmp $SCREENDIR
        fi
        find $SCREENDIR -type p -delete
        # If the local admin has used dpkg-statoverride to install the screen
        # binary with different set[ug]id bits, change the permissions of
        # $SCREENDIR accordingly
        BINARYPERM=`stat -c%a /usr/bin/screen`
        if [ "$BINARYPERM" -ge 4000 ]; then
                chmod 0755 $SCREENDIR
        elif [ "$BINARYPERM" -ge 2000 ]; then
                chmod 0775 $SCREENDIR
        else
                chmod 0777 $SCREENDIR
        fi
end script
---

dpkg-statoverride --list | grep screen:
---

Revision history for this message
Thomas Schweikle (tps) wrote :

Upgrading to precise solves this bug. The newer install script seems fixed.

Revision history for this message
Thomas Schweikle (tps) wrote :

Must take my own comment #9 down: this is there again: upgrading from Ubuntu 10.04.4 to Ubuntu 12.04.1 using byobu for login leads to message: "/var/run/screen must have permission 0777". After rebooting.

changing /var/run/screen once to permissions 0777 fixes this. The change seems to be persistent and solves the error.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in screen (Ubuntu):
status: New → Confirmed
Revision history for this message
Thomas Schweikle (tps) wrote :

Seems fixed now

Thomas Schweikle (tps)
Changed in screen (Ubuntu):
status: Confirmed → Fix Released
Changed in screen (Debian):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.