Bug 333821 - app-misc/screen should not keepdir /var/run/screen (because /var/run can be tmpfs and cleared on boot)
Summary: app-misc/screen should not keepdir /var/run/screen (because /var/run can be t...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
Importance: High normal
Assignee: Sven Wegener
URL:
Whiteboard:
Keywords:
Duplicates: 370453 390497 398769 424169 425382
Depends on: 396003
Blocks: keepdir-var-run_lock 423775
Reported: 2010-08-21 15:58 UTC by Eray Aslan
Modified: 2012-08-27 22:17 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
Use /var/lib/screen instead of /var/run/screen (screen-var-lib-instead-of-var-run.patch,4.90 KB, patch)
2012-01-16 20:55 UTC, Samuli Suominen (RETIRED)

Description Eray Aslan gentoo-dev 2010-08-21 15:58:44 UTC
/var/run can be mounted tmpfs and cleared during a reboot.  Hence, programs (or their init scripts) should not rely on dirs under /var/run and should create them if necessary instead.

Screen creates the /var/run/screen dir when necessary.  After a complete /var/run wipe, different users can still use screen without a problem:
$ ls -ld /var/run/screen/ /var/run/screen/*
drwxr-xr-x 4 root  users 4096 Aug 21 15:03 /var/run/screen/
drwx------ 2 user1 users 4096 Aug 21 15:03 /var/run/screen/S-user1
drwx------ 2 user2 users 4096 Aug 21 15:03 /var/run/screen/S-user2

Note the lines below quoted from screen-4.0.3-r1.ebuild.  Almost all of it is necessary to enable different UIDs to connect to the same screen (including the suid screen binary, ugh).  This has security implications.  Also, it won't work with /var/run on tmpfs.  Please consider if we should drop the multiuser flag.

Please close if "Not a bug".  This is more of a security/reconsider check since screen works as it is with /var/run on tmpfs albeit without the multiuser flag.

src_install() {
    [...]
    keepdir /var/run/screen || die "keepdir failed"

    if use multiuser || use prefix
    then
        fperms 4755 /usr/bin/screen || die "fperms failed"
    else
        fowners root:utmp /{usr/bin,var/run}/screen \
            || die "fowners failed, use multiuser USE-flag instead"
        fperms 2755 /usr/bin/screen || die "fperms failed"
[...]
pkg_postinst() {
    if use multiuser || use prefix
    then
        use prefix || chown root:0 "${EROOT}"/var/run/screen
        if use prefix; then
            chmod 0777 "${EROOT}"/var/run/screen
        else
            chmod 0755 "${EROOT}"/var/run/screen
        fi
    else
        chown root:utmp "${EROOT}"/var/run/screen
        chmod 0775 "${EROOT}"/var/run/screen


Reproducible: Always
Comment 1 Sven Wegener gentoo-dev 2010-08-21 19:01:37 UTC
Your argument of "Also, it won't work with /var/run on tmpfs." is wrong; the multiuser case is the only case when it works with /var/run on tmpfs, as screen can only create /var/run/screen by itself when it's setuid root. And I don't think it's good to force this on every user, which is what this bug is all about in the end. In general we need a way for a package to create these directories at boot time, without the overhead of creating an init script for every package, as screen needs no init script by itself.
Comment 2 Eray Aslan gentoo-dev 2010-08-21 20:10:53 UTC
(In reply to comment #1)
> screen can only create /var/run/screen by itself when it's setuid root.

True.  So we can have
/usr/bin/screen 0755 and /var/run/screen 0777 or
/usr/bin/screen 2755 and /var/run/screen 0775 or
/usr/bin/screen 4755 and /var/run/screen 0755

> And I don't think it's good to force this on every user

Agreed.

> which is what this bug is all about in the end.

Well, partly.  Mostly we (that is you) have to make a decision.  We either have an init script for screen that adjusts permissions on /var/run/screen, or screen may or may not work with /var/run on tmpfs depending on the permissions.

> In general we need a way for a package to create these
> directories at boot time, without the overhead of creating an init script for
> very package as screen needs no init script by itself.

In general yes.  In this particular case I am not sure.  But it is your decision and I am fine either way.
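The permission combinations from comments 1 and 2, encoded as a check an admin can run after /var/run (tmpfs) has been wiped. This is an added example, not code from the bug or from the screen ebuild; the function names are hypothetical and the live check assumes GNU stat.

```shell
#!/bin/sh
# Added example: decide whether screen can still reach its socket
# directory for a given permission combination (rules from comments 1 and 2).
#   $1  octal mode of /usr/bin/screen   (4755 suid, 2755 sgid, 0755 plain)
#   $2  octal mode of /var/run/screen, or "missing" if the directory is gone
# Prints "ok: ..." or "fail: ..." and returns 0 or 1 accordingly.
screen_socket_dir_check() {
    bin=$1
    dir=$2
    case "$bin" in ???) bin="0$bin";; esac     # stat prints 755, not 0755
    case "$dir" in ???) dir="0$dir";; esac
    # Rule 1 (comment 1): only a setuid-root screen can create
    # /var/run/screen itself, so that combination works even after a wipe.
    case "$bin" in
        4???) echo "ok: setuid binary recreates /var/run/screen when needed"; return 0;;
    esac
    if [ "$dir" = missing ]; then
        echo "fail: /var/run/screen is gone and screen is not setuid root"; return 1
    fi
    # Rule 2 (comment 2): with the directory present, screen must be able to
    # create S-<user> inside it: group-writable suffices for an sgid utmp
    # binary, a plain binary needs the directory world-writable.
    case "$bin" in
        2???) need=$(( 0$dir & 020 )); how="group-writable (root:utmp, sgid binary)";;
        *)    need=$(( 0$dir & 002 )); how="world-writable (plain binary)";;
    esac
    if [ "$need" -ne 0 ]; then
        echo "ok: /var/run/screen $dir is $how"; return 0
    fi
    echo "fail: /var/run/screen $dir is not $how"; return 1
}

# Live check against the running system (hypothetical helper; GNU stat assumed).
screen_socket_dir_check_live() {
    bin=$(stat -c %a /usr/bin/screen) || return 2
    if [ -d /var/run/screen ]; then
        dir=$(stat -c %a /var/run/screen)
    else
        dir=missing
    fi
    screen_socket_dir_check "$bin" "$dir"
}

# Run the live check only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = --live ]; then
    screen_socket_dir_check_live
fi
```

Invoke as `sh check.sh --live` on a box where /var/run was just cleared to see which of the three combinations the installed screen relies on.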
Comment 3 Eray Aslan gentoo-dev 2010-08-22 08:27:20 UTC
FWIW, Debian installs screen with sgid and checks the /var/run perms with an init script.  CentOS (and presumably RHEL) also installs the binary with sgid but with no init script, and won't work with /var/run on tmpfs.  Slackware, perhaps not surprisingly, installs the binary as a regular executable file with the socket file in $HOME/.screen.  And finally, FreeBSD seems to install the binary with the suid bit set.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2011-11-15 15:22:51 UTC
*** Bug 390497 has been marked as a duplicate of this bug. ***
Comment 5 Maksim 'max_posedon' Melnikau 2011-12-20 07:53:44 UTC
I got here from bug 390497.

systemd comes with a solution for such keys (/var/run in tmpfs): tmpfiles.d ( http://0pointer.de/public/systemd-man/tmpfiles.d.html )

It might be a good idea to use these files/syntax in openrc (for compatibility) too, and to start providing tmpfiles.d files with all required packages.

It gives us:
1. better systemd support
2. better openrc /var/run (tmpfs) support
Without introducing anything new.
Comment 6 Samuli Suominen (RETIRED) gentoo-dev 2012-01-16 19:37:26 UTC
*** Bug 370453 has been marked as a duplicate of this bug. ***
Comment 7 Samuli Suominen (RETIRED) gentoo-dev 2012-01-16 19:38:02 UTC
*** Bug 398769 has been marked as a duplicate of this bug. ***
Comment 8 Samuli Suominen (RETIRED) gentoo-dev 2012-01-16 20:55:05 UTC
Created attachment 299095 [details, diff]
Use /var/lib/screen instead of /var/run/screen

This will migrate everything in a way the current open screen(s) will continue to work.

But these socket files really belong to /var/run so I've not applied this to Portage.

OpenRC should have support for creating directories on boot, like systemd does.
Comment 9 Samuli Suominen (RETIRED) gentoo-dev 2012-01-16 20:55:57 UTC
@openrc maintainers: is there support for creating /var/run/screen, when screen doesn't have its own init script?
Comment 10 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2012-01-16 21:09:53 UTC
(In reply to comment #9)
> @openrc maintainers: is there support for creating /var/run/screen, when screen
> doesn't have its own init script?

Bug 396003.
Comment 11 Михаил 2012-05-23 22:51:48 UTC
Changing socket directory is not required.

If USE=multiuser, screen has suid and is able to create the directory at first run.

If USE=-multiuser, we can configure --disable-socket-dir and screen stores sockets in the user's home. Also suid/sgid is not needed.
Comment 12 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2012-05-24 04:14:00 UTC
(In reply to comment #11)
> Changing socket directory is not required.
> 
> If USE=multiuser, screen has suid and is able to create the directory at first run.
> 
> If USE=-multiuser, we can configure --disable-socket-dir and screen stores
> sockets in the user's home. Also suid/sgid is not needed.

I like that solution to be honest.

+*screen-4.0.3-r5 (24 May 2012)
+
+  24 May 2012; Jeremy Olexa <darkside@gentoo.org> +screen-4.0.3-r5.ebuild:
+  Revision bump to disable socket dir (and use ~/.screen/ instead) for cases
+  where /var/run is tmpfs, etc. This seems more portable and has been the best
+  solution proposed on bug 333821
Comment 13 Maksim 'max_posedon' Melnikau 2012-06-30 05:57:30 UTC
(In reply to comment #11)
> If USE=-multiuser, we can configure --disable-socket-dir and screen stores
> sockets in the user's home. Also suid/sgid is not needed.
I think /run/user/ is better infrastructure for this than /home; such sockets should be stored in /run/user/SOME_USER/screen.
Comment 14 Sergiy Borodych 2012-07-02 05:45:57 UTC
After last changes screen calls from my init.d scripts do not create any .sock files :( (none in /root/.screen)
Suddenly...
Only USE="multiuser" helps me. But what about compatibility?
Comment 15 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2012-07-02 13:35:59 UTC
*** Bug 424169 has been marked as a duplicate of this bug. ***
Comment 16 Jeroen Roovers (RETIRED) gentoo-dev 2012-07-09 00:31:14 UTC
*** Bug 425382 has been marked as a duplicate of this bug. ***
Comment 17 Alex 2012-08-27 22:17:49 UTC
>After last changes screen calls from my init.d scripts do not create any .sock files :( (none in /root/.screen
They are in /.screen/ (yes, .screen directory under /), just in case. This is completely wrong. 

>Only USE="multiuser" helps me. But what about compatibility?
Same with me. screen is one of the apps proving compatibility exists for me. And you broke it.