Re: [dev] [abduco] Read-only connect to session from other user

From: Marc André Tanner <mat_AT_brain-dump.org>
Date: Thu, 14 Aug 2014 17:35:12 +0200

Hi,

Sorry for the late reply, I'm currently busy with exams and a proof
of concept for a text editor.

> I just switched from dtach to abduco, so that I could try to share a
> session (view-only) with another user.
> Is that expected to work?

I have never tried it but in principle it should.

> I run my session with 'abduco -A ~/${HOSTNAME}.abduco tcsh'
> Then change the perms 'chmod 755 ~/${HOSTNAME}.abduco tcsh'

Just to make sure that you're not having a wrong sense of security, you
cannot give read-only access via file system permissions, quoting the Linux
man page for unix(7):

  In the Linux implementation, sockets which are visible in the
  file system honor the permissions of the directory they are in.
  Their owner, group and their permissions can be changed.
  Creation of a new socket will fail if the process does not have
  write and search (execute) permission on the directory the
  socket is created in. Connecting to the socket object requires
  read/write permission. This behavior differs from many
  BSD-derived systems which ignore permissions for UNIX domain
  sockets. Portable programs should not rely on this feature for
  security.

That is, you always need read/write permissions to connect to the socket.

If abduco is launched with the -r option it attaches in read-only mode.
However this is not really meant to be a security feature but instead
should prevent accidental input if one is only connected as an 'observer'.

> As the other user, I run 'abduco -ar ~bgolding/${HOSTNAME}.abduco'
                                       ^
I think here is your problem, ~ will expand in the context of your
second user whereas the socket was created in the home directory of
the first user.

I would try to run it with an absolute path somewhere in /tmp just to
test whether this is the problem. Running it under strace, i.e.

 strace -olog abduco -a -r /tmp/session-name

should produce a log file, where you can see which path it tries to
connect to (search for 'connect').

Also abduco currently doesn't understand your option string '-ar' but
instead requires it as '-a -r'.

Hope this helps.

-- 
 Marc André Tanner >< http://www.brain-dump.org/ >< GPG key: CF7D56C0
Received on Thu Aug 14 2014 - 17:35:12 CEST
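
Added example, not part of the original message or of abduco: a Python check of the Linux rule discussed above, listing which mode bits stop an unrelated user from reaching a session socket. The function names and the constructed temporary socket are assumptions; only the "other" permission bits are examined (no group membership, ACLs or root).

```python
import os
import socket
import stat
import tempfile


def blockers_for_other_users(sock_path):
    """List the paths whose mode bits stop an unrelated user from connecting.

    Linux rule: connect() needs write permission on the socket inode and
    search (x) permission on every directory leading to it.
    Simplification (assumption): only the "other" bits are checked.
    """
    sock_path = os.path.realpath(sock_path)
    st = os.stat(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{sock_path} is not a socket")
    blocked = []
    if not st.st_mode & stat.S_IWOTH:
        blocked.append(sock_path)        # no o+w: connect() fails with EACCES
    parent = os.path.dirname(sock_path)
    while True:
        if not os.stat(parent).st_mode & stat.S_IXOTH:
            blocked.append(parent)       # no o+x: the path cannot be traversed
        if parent == os.path.dirname(parent):
            break                        # reached the filesystem root
        parent = os.path.dirname(parent)
    return blocked


def demo():
    """Constructed session socket: chmod 755 in a private dir, then opened up."""
    d = os.path.realpath(tempfile.mkdtemp())   # mkdtemp creates mode 0700
    path = os.path.join(d, "session")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    try:
        os.chmod(path, 0o755)                  # the mode used in the thread
        before = blockers_for_other_users(path)
        os.chmod(d, 0o755)
        os.chmod(path, 0o777)                  # o+w: others can now connect
        after = blockers_for_other_users(path)
        return path, d, before, after
    finally:
        srv.close()
        os.unlink(path)
        os.rmdir(d)


if __name__ == "__main__":
    print(demo())
```

With mode 755 the socket itself is reported as a blocker; the mode that lets another user connect at all also lets them attach without -r.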