Dump/show ACL in GNU screen

3

I'm trying to make an interface to make it easier to set ACL in screen. Setting ACL is quite easy, however, I can't find a way to show or dump the existing ACL. A look in the archives of this list showed me I'm not the only one in this situation. However, the previous question on this subject seems to have never been answered.

Is there a way to see the existing ACL in screen currently? Better yet, is there a way to dump them to a file/stdout?

ℝaphink

Posted 2010-02-02T14:22:31.693

Reputation: 3 531

getacl and getfacl are no help? – Dan McGrath – 2010-02-05T10:02:33.653

Nope, these commands are unknown in screen 4.0.3. – ℝaphink – 2010-02-05T10:23:56.273

Sorry, SuperMagic cleared up what you meant. I'm talking about user ACL in screen, using the multiuser mode, not about Linux file ACL. – ℝaphink – 2010-02-08T22:48:48.983

Answers

3

According to this how-to on multiuser Screen, there presently isn't an interface to Screen's internal ACLs. This jives with the Screen manual; neither the Commands nor Multiuser Session sections give any other ACL-related commands. Here's the full list:

  • acladd - Adds users with full permission to all windows.
  • aclchg - Adds users with more flexible permissions or changes the permissions on an existing user.
  • acldel - Removes a user from screen's knowledge.
  • aclgrp - Adds a user to a group or just describes user's group membership.
  • aclumask - Sets default permissions for windows not yet created.
  • defescape - Like escape, but sets the command character for all users.
  • defwritelock - Sets the default writelock setting for new windows.
  • multiuser - Enables or disables multiuser mode.
  • su - Operate as a different user.
  • writelock - Sets writelock mode for current window.

I'm unfamiliar with Screen's internals, but if you want to access Screen ACLs in a manner other than these commands allow, you'll need to check the source directly. Your project sounds like it will be very beneficial to the Screen community, so I wish you good luck in implementing it.


If you look at src/acls.h, you'll see the structs aclusergroup and acluser; there's also a struct acl in src/screen.h. These are the basic data structures; it looks like Screen ACLs are essentially a linked list of aclusergroup nodes, with the acluser node containing most of the interesting data.

src/acls.c contains the ACL manipulation code; for example, the acladd and aclchg commands are both handled by the function UserAcl() (line 864).

The struct looks like this:

/* in screen.h */
struct acl
{
  struct acl *next;
  char *name;
};

/* in acls.h */
/*
 * How a user joins a group.
 * Here is the node to construct one list per user.
 */
struct aclusergroup
{
  struct acluser *u;                        /* the user who borrows us his rights */
  struct aclusergroup *next;
};

/* ... */

/*
 * A User has a list of groups, and points to other users.  
 * users is the User entry of the session owner (creator)
 * and anchors all other users. Add/Delete users there.
 */
typedef struct acluser
{
  struct acluser *u_next;                    /* continue the main user list */
  char u_name[20+1];                         /* login name how he showed up */
  char *u_password;                          /* his password (may be NullStr). */
  int  u_checkpassword;                      /* nonzero if this u_password is valid */
  int  u_detachwin;                          /* the window where he last detached */
  int  u_detachotherwin;                     /* window that was "other" when he detached */
  int  u_Esc, u_MetaEsc;                     /* the users screen escape character */
#ifdef COPY_PASTE
  struct plop u_plop;                        /* internal copy-paste buffer */
#endif
#ifdef MULTIUSER
  int u_id;                                  /* a uniq index in the bitfields. */
  AclBits u_umask_w_bits[ACL_BITS_PER_WIN];  /* his window create umask */
  struct aclusergroup *u_group;              /* linked list of pointers to other users */
#endif
} User;

The ACL code seems to be included when screen is compiled with MULTIUSER (though I'm not sure if that's defined on the commandline or in some other header file), so searching for that keyword can help you find specific multiuser code.

quack quixote

Posted 2010-02-02T14:22:31.693

Reputation: 37 382

Thanks ~quack. Unfortunately, my C skills are pretty bad. I've had a look at the code and I don't really understand how commands are linked to functions in acls.c, but I might try to look again later. – ℝaphink – 2010-02-15T09:26:10.393

@Raphink: start with acls.h; that's where the data structures are stored. updated with what i can discern. this is getting into Stack Overflow territory, so if you want more details than I can provide here, you should open a question over there. – quack quixote – 2010-02-15T16:44:49.077

I'll accept this as the answer, since there is no way to achieve it right now, and you're providing the necessary information to implement it (whenever I'm motivated enough to hack it). – ℝaphink – 2011-04-29T12:52:55.980
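
An added sketch (not from the answer above and not GNU screen's code) of the list walk a dump command would need, useful for auditing who has been granted access to a shared session. It uses stand-in structs cut down to the fields quoted from acls.h; `put`, `dump_acl_users` and `sample_dump` are hypothetical names, `u_id` and `u_group` exist in screen only in MULTIUSER builds, and per-window permission bits are left out because their layout is not shown on this page.

```c
#include <stdio.h>
#include <string.h>
/* Stand-ins trimmed to the list fields quoted above (assumption: not screen's headers). */
struct aclusergroup { struct acluser *u; struct aclusergroup *next; };
struct acluser {
  struct acluser *u_next;        /* continue the main user list */
  char u_name[20 + 1];
  int u_id;
  struct aclusergroup *u_group;  /* groups are themselves user entries */
};

/* Append a then b at *off; 0 on success, -1 if the text would not fit. */
static int put(char *buf, size_t len, size_t *off, const char *a, const char *b)
{
  int n = snprintf(buf + *off, len - *off, "%s%.20s", a, b);
  if (n < 0 || (size_t)n >= len - *off) return -1;
  *off += (size_t)n;
  return 0;
}

/* Hypothetical helper: one "id name: group,group" line per user.
 * Returns the number of users written, or -1 if buf is too small. */
int dump_acl_users(const struct acluser *users, char *buf, size_t len)
{
  size_t off = 0;
  int count = 0;
  char id[16];
  if (len == 0) return -1;
  buf[0] = '\0';
  for (const struct acluser *u = users; u; u = u->u_next, count++) {
    snprintf(id, sizeof id, "%d ", u->u_id);
    if (put(buf, len, &off, id, u->u_name) || put(buf, len, &off, ":", "")) return -1;
    for (const struct aclusergroup *g = u->u_group; g; g = g->next)
      if (put(buf, len, &off, g == u->u_group ? " " : ",", g->u ? g->u->u_name : "?")) return -1;
    if (put(buf, len, &off, "\n", "")) return -1;
  }
  return count;
}

/* Constructed sample: owner -> alice -> devs, with alice a member of devs. */
int sample_dump(char *buf, size_t len)
{
  static struct acluser devs = { NULL, "devs", 2, NULL };
  static struct aclusergroup in_devs = { &devs, NULL };
  static struct acluser alice = { &devs, "alice", 1, &in_devs };
  static struct acluser owner = { &alice, "owner", 0, NULL };
  return dump_acl_users(&owner, buf, len);
}
int main(void) { char out[256]; if (sample_dump(out, sizeof out) > 0) fputs(out, stdout); return 0; }
```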