Home » Questions » Computers [ Ask a new question ]

Dump/show ACL in GNU screen

Dump/show ACL in GNU screen

I'm trying to make an interface to make it easier to set ACL in screen. Setting ACL is quite easy, however, I can't find a way to show or dump the existing ACL. A look in the archives of this list showed me I'm not the only one in this situation. However, the previous question on this subject seems to have never been answered.

Asked by: Guest | Views: 17
Total answers/comments: 1
Guest [Entry]

"According to this how-to on multiuser Screen, there presently isn't an interface to Screen's internal ACLs. This jives with the Screen manual; neither the Commands nor Multiuser Session sections give any other ACL-related commands. Here's the full list:

acladd - Adds users with full permission to all windows.
aclchg - Adds users with more flexible permissions or changes the permissions on an existing user.
acldel - Removes a user from screen's knowledge.
aclgrp - Adds a user to a group or just describes user's group membership.
aclumask - Sets default permissions for windows not yet created.
defescape - Like escape, but sets the command character for all users.
defwritelock - Sets the default writelock setting for new windows.
multiuser - Enables or disables multiuser mode.
su - Operate as a different user.
writelock - Sets writelock mode for current window.

I'm unfamiliar with Screen's internals, but if you want to access Screen ACLs in a manner other than these commands allow, you'll need to check the source directly. Your project sounds like it will be very beneficial to the Screen community, so I wish you good luck in implementing it.

If you look at src/acls.h, you'll see the structs aclusergroup and acluser; there's also a struct acl in src/screen.h. These are the basic data structures; it looks like Screen ACLs are a essentially a linked list of aclusergroup nodes, with the acluser node containing most of the interesting data.

src/acls.c contains the ACL manipulation code; for example, the acladd and aclchg commands are both handled by the function UserAcl() (line 864).

The struct looks like this:

/* in screen.h */
struct acl
{
struct acl *next;
char *name;
};

/* in acls.h */
/*
* How a user joins a group.
* Here is the node to construct one list per user.
*/
struct aclusergroup
{
struct acluser *u; /* the user who borrows us his rights */
struct aclusergroup *next;
};

/* ... */

/*
* A User has a list of groups, and points to other users.
* users is the User entry of the session owner (creator)
* and anchors all other users. Add/Delete users there.
*/
typedef struct acluser
{
struct acluser *u_next; /* continue the main user list */
char u_name[20+1]; /* login name how he showed up */
char *u_password; /* his password (may be NullStr). */
int u_checkpassword; /* nonzero if this u_password is valid */
int u_detachwin; /* the window where he last detached */
int u_detachotherwin; /* window that was ""other"" when he detached */
int u_Esc, u_MetaEsc; /* the users screen escape character */
#ifdef COPY_PASTE
struct plop u_plop; /* internal copy-paste buffer */
#endif
#ifdef MULTIUSER
int u_id; /* a uniq index in the bitfields. */
AclBits u_umask_w_bits[ACL_BITS_PER_WIN]; /* his window create umask */
struct aclusergroup *u_group; /* linked list of pointers to other users */
#endif
} User;

The ACL code seems to be included when screen is compiled with MULTIUSER (though I'm not sure if that's defined on the commandline or in some other header file), so searching for that keyword can help you find specific multiuser code."