BAM Weblog

Read-only Guest tmux Sessions

Brian McKenna, 2013-04-29

For a while now, I've wanted a way for people to watch how I work and let me know how I could improve both my techniques and my code. I mostly work in Emacs so being inside of a terminal works fine.

At Precog we use tmux for pairing sessions. It works really well, but I wanted to make it read-only for guests.

I created a guest user on the VPS that is now hosted on. The guest user is chrooted to /srv/chroot/guest via the SSH config:

Match User guest
    ForceCommand nologin
    ChrootDirectory /srv/chroot/guest
    X11Forwarding no
    AllowTcpForwarding no

The chroot has hardlinks back to system binaries (symlinks can't get out of the jail). I had to hardlink /bin/bash, its libraries (found via ldd) and my custom tmux (more on that below).

The guest user's shell points to /usr/bin/login:


Which contains:

exec /usr/local/bin/tmux -S /var/lib/tmux-sessions/guest attach -r

The /var/lib/tmux-sessions directory has group write/execute permission for admin, so that my account can create the socket. I then have to run a script to allow guest to have write permission:

exec chmod o+w /srv/chroot/guest/var/lib/tmux-sessions/guest

Sadly, I have to run that script each time I recreate the session - tmux loves to reset the permissions.

One thing about tmux is that read-only users can still resize the window for everyone. I had to patch tmux to disable that:

diff --git a/resize.c b/resize.c
index 5c365df..dab4508 100644
--- a/resize.c
+++ b/resize.c
@@ -58,7 +58,7 @@ recalculate_sizes(void)
        ssx = ssy = UINT_MAX;
        for (j = 0; j < ARRAY_LENGTH(&clients); j++) {
            c = ARRAY_ITEM(&clients, j);
-            if (c == NULL || c->flags & CLIENT_SUSPENDED)
+            if (c == NULL || c->flags & (CLIENT_SUSPENDED | CLIENT_READONLY))
            if (c->session == s) {
                if (c-> < ssx)
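
Review bot: With the new mask in the changed condition, every read-only client is skipped, so when the only attached clients are read-only, ssx and ssy are still UINT_MAX when the loop ends; please check that the code after the loop treats that as "no client sized this session" instead of using those values. The hunk as posted is also one context line short of its -58,7 header: the statement controlled by the modified if is missing, so the following "if (c->session == s)" reads as its body, and the last line's "c-> < ssx" has lost its member name. I would also parenthesise the mask test, (c->flags & (CLIENT_SUSPENDED | CLIENT_READONLY)) != 0, so the precedence against || is explicit.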

If a guest's window is too small, the stdout stream will write over itself when things change. Largely things look fine, but every now and then things can look a bit strange.

I also had to change /etc/ssh/sshd_config to accept empty passwords:

PermitEmptyPasswords yes

And then PAM for SSH in /etc/pam.d/sshd:

auth    [success=1 default=ignore] nullok
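
The post does not say where in sshd_config the PermitEmptyPasswords line sits; sshd accepts that keyword inside a Match block, so it can be limited to the guest account. The script below is an added example, not part of the original post: it checks a config for a global PermitEmptyPasswords yes and for the restrictions from the Match User guest block above. The function name, sample configs and message wording are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes the plain
# "Match User <name>" form shown above (no patterns or extra criteria).

audit_guest_sshd() {    # usage: audit_guest_sshd CONFIG_FILE [USER]
  awk -v user="${2:-guest}" '
    NF == 0 || $1 ~ /^#/ { next }                 # blank lines and comments
    { key = tolower($1); val = tolower($2) }      # keywords are case-insensitive
    key == "match" {                              # a block runs until the next Match
      scope = (val == "user" && $3 == user) ? "guest" : "other"
      next
    }
    scope == "" && key == "permitemptypasswords" && val == "yes" {
      printf "FAIL line %d: PermitEmptyPasswords yes is global, not limited to %s\n", NR, user
      fails++
    }
    scope == "guest" && !(key in seen) { seen[key] = val }   # first value wins
    END {
      n = split("forcecommand chrootdirectory", need, " ")
      for (i = 1; i <= n; i++) if (!(need[i] in seen)) {
        print "FAIL: Match User " user " sets no " need[i]; fails++
      }
      n = split("allowtcpforwarding x11forwarding", off, " ")
      for (i = 1; i <= n; i++) if (seen[off[i]] != "no") {
        print "FAIL: Match User " user " does not set " off[i] " no"; fails++
      }
      exit (fails > 0)
    }' "$1"
}

# Constructed samples: the settings from the post with the empty-password
# switch in the global section, then the same switch moved into the block.
sample_global() {
  printf '%s\n' 'PermitEmptyPasswords yes' 'Match User guest' \
    '    ForceCommand nologin' '    ChrootDirectory /srv/chroot/guest' \
    '    X11Forwarding no' '    AllowTcpForwarding no'
}
sample_scoped() {
  printf '%s\n' 'PermitEmptyPasswords no' 'Match User guest' \
    '    PermitEmptyPasswords yes' '    ForceCommand nologin' \
    '    ChrootDirectory /srv/chroot/guest' \
    '    X11Forwarding no' '    AllowTcpForwarding no'
}

cfg=$(mktemp)
sample_global > "$cfg"; audit_guest_sshd "$cfg" || echo "-> global placement flagged"
sample_scoped > "$cfg"; audit_guest_sshd "$cfg" && echo "-> scoped placement passes"
rm -f "$cfg"
```

The function exits non-zero when any check fails, so it can gate a config deployment before sshd is reloaded.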

So now users can run ssh and have a read-only view of my guest tmux session, if I have it running. I'm hoping to be able to work on quite a few of my projects and let people spy on me.

If you have any security concerns, please send me an email at
