How to solve "Cannot open your terminal '/dev/pts/1' - please check."

Submitted by Shoel on Mon, 06/28/2010 - 17:23

It is quite common to create a new unprivileged user, su to it from a root shell, attempt to open a "screen" and end up with the following error: "Cannot open your terminal '/dev/pts/1' - please check." (or similar). If you are looking for an explanation or fix - this might help you.

For the sake of demonstration, I have logged in to a CentOS server using the root user directly. If we check the permissions of the terminal in question, we'll see something along the lines of this:

ls -l /dev/pts/1
crw--w---- 1 root tty 136, 1 Jun 28 16:12 /dev/pts/1

For the sake of security, the terminal is owned by the user who opened the session/shell - in this case root. If we su to a different user, it will still be owned by the original shell owner.

Some users, perhaps without understanding of what they are doing, suggest that you should simply change permissions of the terminal. That is however a bad idea. The permissions are set the way they are for a very good reason. If you allow any user access - you can effectively end up giving unprivileged users access to a privileged login shell (for an example that of a root account). That is a security risk, and something we generally want to avoid.

There are two simple ways of solving the issue without comprimising security.

The first one is fairly simple. Set a (strong) password for the user you would like to run screen as, and log in directly to that user. You will now be able to start up a screen, as you now have the appropriate permissions.

The alternative is:

  • Invoke the screen as root
  • In the screen session: change (su) to the user you would like to run things under..
  • Do stuff...
  • Detach from the screen.

This works because the root/superuser will still be able to access any user's tty.

Copyright © 2013 -