HOWTO_Snoop_terminal_session

Introduction

If you would like to show someone your terminal session, for example someone on irc wanted to help you to solve a problem, but you don't want to bother yourself pasting the output from terminal, this article will try to help you.

Script

Script makes a typescript of everything printed on your terminal.

Create shell

We will create a secure "shell" for the user that would only open terminal and allow everyone to write to it

#!/bin/rbash
chmod a+w `tty`
sleep 3600

# chmod 775 /usr/local/bin/snoopsh

The shell will be closed after an hour (3600 seconds) or if the user presses ctrl-c.

Now you must add the shell to /etc/shells

# echo /usr/local/bin/snoopsh >> /etc/shells

Create user

Create a user (Ex. snoopy)

# useradd -m snoopy

Set password for the user

# passwd snoopy
New UNIX password: 
Retype new UNIX password:

Set the shell for the user

# usermod -s /usr/local/bin/snoopsh snoopy

Session

Give the password to the user and wait until he logs in.

# w snoopy
 11:17:14 up  3:23,  6 users,  load average: 1,88, 1,82, 1,90
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
snoopy   pts/6     11:16   37.00s  0.00s  0.00s /bin/rbash /usr/local/bin/snoopsh

You can now lock the account, which will prevent future logins

# passwd -l snoopy

To unlock the account type

# passwd -u snoopy

Use script to send all output from current terminal to guests terminal

# script -f /dev/pts/6
Script started, file is /dev/pts/6

The -f option flushes the outout, so snoopy sees every character you type instantly.

To stop the output type exit

# exit
exit
Script done, file is /dev/pts/6

To force users logout type

# killall snoopsh

Screen

Using Screen in multiuser mode requires screen to be as setuid root. If you know about the potential security implications you can enable it by issuing

# chmod u+s `which screen`

Multiuser mode

We need to configure screen to use multiuser mode and change privileges for the guest. Put the following commands into ~/.screenrc. You can also use them in a screen session after pressing CTRL-a :

multiuser on
aclchg snoopy -x "?"    #Revoke permission to execute any screen command
aclchg snoopy +x "wall" #Allow writing simple messages in the terminal status line
aclumask snoopy-wx      #Default permissions to windows
acladd snoopy           #Enable user snoopy to access screen session

See man screen for details.

Session

Start screen:

user@localhost $ screen

user@localhost $ screen -ls
There is a screen on:
        11521.pts-4.hostname      (Multi, attached)
1 Socket in /var/run/screen/S-user.

Now the guest can attach to the screen:

snoopy@localhost $ screen -r user/11521

Ttyutils

Ttyutils includes ttyexec, ttyadmin and ttylook.

execute ttyexec on your shell, like this:

$ ttyexec

now your terminal session will be snooping, login on another terminal, and execute command ttyadmin, the ttyexec instance will show in the list, remember the pid column, and press 'q' quit ttyadmin, and run command ttylook, like this:

$ ttylook -d $pid -w

where $pid is just you see in ttyadmin.

See also

• Screen
• MAN screen
• ttyutils - http://code.google.com/p/ttyutils/