6
When I want to drop a root shell into screen, I usually do sudo screen. A friend of mine first launches screen, then drops a root shell in the screen session.
What is the better way of both from a security standpoint? Does it even matter?
Jeremy
Posted 2016-03-24T20:59:57.873
Reputation: 163
8
Generally, processes should run as root only when it's really necessary. sudo screen means that screen itself and all shells under it are running as root, while screen followed by sudo means that only that shell runs as root.
So just looking at security, the latter is preferable, but if you really need to open a lot of root shells, you might decide to take the former approach for convenience.
jjlin
Posted 2016-03-24T20:59:57.873
Reputation: 12 964
2
An old post, but one I found myself googling the same question recently. I thought I could share my own feedback. I agree that 'screen sudo' should be the way to run it most times for two reasons
Security - Every piece of code that runs with higher privileges is a risk to services and data, and there is no benefit to screen to having those privileges. jjlin covered this pretty well already, but screen sudo means that there is less code running in an escalated privilege state.
Recovery - If you are using sudo to get a shell with higher privileges (e.g. screen sudo -s), then screen sudo means that the entire shell is running within a screen. Making it easier to ensure you recover all the state when you resume that screen.
I think the first (Security) is the strongest reason but they both have benefits.
Mike
Posted 2016-03-24T20:59:57.873
Reputation: 21
2And an even slighter difference that yet can cause confusion: sudo screen will use the screenrc of root while screen (and anything inside) will use that of the user's. If either is set well and the other is not, the result may be surprising. – Gombai Sándor – 2016-03-24T22:07:25.603