Last Updated: February 25, 2016
· Behnam Khanbeigi (yottanami)

Share your screen over read-only SSH on GNU/Linux

Warning: This setup requires setting the SUID flag on the screen binary, which can put your machine at a security risk.

Find the binary file of screen

Check that the file is the actual binary, not a symbolic link:

which screen

Set SUID

chmod u+s /usr/bin/screen

OR

chmod 4755 /usr/bin/screen

Create rbash if it does not exist

rbash helps provide read-only shell access:

[ ! -e /bin/rbash ] && ln -sf bash /bin/rbash

Create a limited user

useradd -m -s /bin/rbash luser

Set password for new user

passwd luser

Create .profile

Create a .profile in the new user's home directory that contains:

trap "" 2 3 20
clear
echo "Welcome"
echo -n "Press Enter to continue" && read
screen -x root/linux-class

Add .profile to .bash_profile

Add the line below to /home/luser/.bash_profile so that .profile runs when the terminal starts:

source ~/.profile

Create screen session

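Create a /root/linux-class.sh file that contains:

#!/bin/bash
source /etc/profile
# Remove dead sessions, then start the shared session if it is not running
screen -wipe
if ! ls /root/.screen/*linux-class* &> /dev/null; then
   screen -dmS linux-class
fi
# ACL names are Unix login names, so use the luser account created above.
# It loses write and execute on all windows (#) and commands (?), and keeps only detach.
TMP=$(mktemp)
cat > "${TMP}" << EOF
multiuser on
acladd luser
aclchg luser -wx "#,?"
aclchg luser +x "detach"
EOF
screen -r linux-class -X source "${TMP}"
rm "${TMP}"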

Make it executable

Add execute permission to the linux-class.sh file:

chmod +x /root/linux-class.sh

SSH

Now you can connect over SSH and use the limited terminal:

ssh luser@IP_ADDRESS

Reference: http://pmoghadam.com/
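
A check to run before handing out the login, added here as an example and not part of the original tip: it confirms that the screen binary is a real SUID file rather than a link, that the viewer's login shell is rbash, and that the login name is the one the ACL in /root/linux-class.sh strips write access from. The function names and the audit.sh file name are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit of the setup; it changes nothing on the system.
# All function names and arguments are illustrative, not from the page.

# check_screen_binary PATH: "ok" only for a regular, non-symlink file with SUID.
check_screen_binary() {
    if [ -L "$1" ]; then echo "symlink"; return 1; fi
    if [ ! -f "$1" ]; then echo "missing"; return 1; fi
    if [ ! -u "$1" ]; then echo "no-suid"; return 1; fi
    echo "ok"
}

# check_viewer_shell PASSWD_FILE USER: "ok" only if the login shell is rbash.
check_viewer_shell() {
    shell=$(awk -F: -v u="$2" '$1 == u { print $7 }' "$1")
    case $shell in
        */rbash) echo "ok" ;;
        "")      echo "no-such-user"; return 1 ;;
        *)       echo "unrestricted:$shell"; return 1 ;;
    esac
}

# check_acl SCRIPT USER: "ok" only if USER is the name given to acladd and
# has write and execute removed for every window and command.
check_acl() {
    grep -q '^multiuser on$' "$1" || { echo "multiuser-off"; return 1; }
    grep -q "^acladd $2\$" "$1" || { echo "not-in-acl"; return 1; }
    grep -q "^aclchg $2 -wx \"#,?\"\$" "$1" || { echo "still-writable"; return 1; }
    echo "ok"
}

# audit BINARY PASSWD_FILE SCRIPT USER: one line per check, status 0 if all pass.
audit() {
    rc=0
    r=$(check_screen_binary "$1") || rc=1; echo "screen binary: $r"
    r=$(check_viewer_shell "$2" "$4") || rc=1; echo "login shell: $r"
    r=$(check_acl "$3" "$4") || rc=1; echo "screen ACL: $r"
    return $rc
}

# Example: sh audit.sh /usr/bin/screen /etc/passwd /root/linux-class.sh luser
if [ "$#" -eq 4 ]; then audit "$@"; fi
```

A "not-in-acl" result means the account that logs in is not the name passed to acladd, so screen will refuse the attach.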