How to activate screen with user environment?

Have you tried using bash --rcfile "Path to your bashrc" -c "commands"?

My rc.local has

shopt -s expand_aliases
source ~/.bashrc

You may want to try the full path to your .bashrc

Thanks, I’ll try on next reboot, but I think it reads it.

I’ve never actually done it either, but I just made a quick attempt at it and I think I have it working. This is what I did.

$ sudo semanage fcontext -a -t bin_t '/usr/bin/screen'
$ sudo restorecon -v /usr/bin/screen
$ sudo mkdir /etc/systemd/system/getty@tty7.service.d
$ sudo tee /etc/systemd/system/getty@tty7.service.d/override.conf << 'END'
[Unit]
Description=
Description=Screen on %I
Documentation=
Documentation=man:screen

[Service]
SELinuxContext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
User=root
WorkingDirectory=~
EnvironmentFile=-/etc/environment
Environment="SHELL=-/usr/bin/bash"
ExecStart=
ExecStart=-/usr/bin/screen -S %I -U
KillSignal=SIGHUP
ExitType=cgroup
END
$ sudo systemctl daemon-reload
$ sudo systemctl enable --now getty@tty7.service

Then press Ctrl+Alt+F7 to switch to VT7 and hopefully find your running screen instance there. Note that it is running as root and it is unlocked. The next thing you would surely want to look into would be locking the screen session down somehow (e.g. using screen’s lockscreen command in the /root/.screenrc file).

Edit: I was too quick to say I had it working. SELinux is blocking everything because it is still running as getty_t. I’m not sure how to get it to switch to unconfined_t, but you would need to do that before this will work.

Edit: It looks like it was easier than I thought it would be. I just needed to add a SELinuxContext=... line to the override.conf file. I’ve revised the above example and I think it is working now.

The next thing to do is passwd root to set root’s password if you have not already and then make sure the following line is in /root/.screenrc.

lockscreen

It should then start the screen session locked and you will have to enter the root account’s password to unlock it.

(Use C-a x to re-lock the terminal.)

You might want to add the following line to your ~/.screenrc to prevent accidentally detaching screen from your virtual terminal if you actually use your VT (it replaces the detach hotkey with the lock command).

bind d lockscreen

(You may also want to override ^d if you ever use that.)
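A check for the exposure noted in the post above (a screen session that runs as root and starts unlocked), as an added example that is not part of the original thread. The function names, and passing the screenrc paths as arguments, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# unit_value FILE KEY: last assignment of KEY. In a drop-in an empty "KEY="
# resets the setting, so the later assignment is the effective one.
unit_value() {
    awk -v key="$2" 'index($0, key "=") == 1 { v = substr($0, length(key) + 2) }
                     END { print v }' "$1"
}

# locks_at_start FILE...: true if a readable screenrc runs "lockscreen" as a
# command of its own; "bind d lockscreen" only remaps a key and does not count.
locks_at_start() {
    for rc in "$@"; do
        [ -r "$rc" ] || continue
        grep -Eq '^[[:space:]]*lockscreen[[:space:]]*(#.*)?$' "$rc" && return 0
    done
    return 1
}

# audit_screen_unit DROPIN SCREENRC...: returns 1 when screen runs as root
# and no screenrc locks it at startup, 0 otherwise.
audit_screen_unit() {
    dropin=$1; shift
    user=$(unit_value "$dropin" User)
    case $(unit_value "$dropin" ExecStart) in
        *screen*) ;;
        *) echo "skip: $dropin does not start screen"; return 0 ;;
    esac
    # A system service runs as root when User= is absent.
    if [ "${user:-root}" != root ]; then
        echo "info: screen runs as $user, not root"; return 0
    fi
    if locks_at_start "$@"; then
        echo "ok: root screen session starts locked"; return 0
    fi
    echo "finding: root screen session starts unlocked"; return 1
}

# Constructed sample: the relevant lines of the override.conf in the post.
write_sample_dropin() {
    printf '%s\n' '[Service]' 'User=root' 'ExecStart=' \
        'ExecStart=-/usr/bin/screen -S %I -U' > "$1"
}

tmp=$(mktemp -d)
write_sample_dropin "$tmp/override.conf"
audit_screen_unit "$tmp/override.conf" "$tmp/screenrc" || true  # prints the finding
rm -rf "$tmp"
```

On a real system the arguments would be /etc/systemd/system/getty@tty7.service.d/override.conf followed by /root/.screenrc and /etc/screenrc.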

I think maybe the clue is in the manual. So using the -m switch ignores the $STY environment variable. But I’m not sure how else to create a new screen and detach it.

-m causes screen to ignore the $STY environment variable. With screen -m creation of a new session is enforced, regardless whether screen is called from within another screen session or not. This flag has a special meaning in connection with the '-d' option:

Thanks @glb
If I understand this, I need to be on actual console? I use my F37 boxes in server environment, so I’m not on the location. Also does it need to run selinux?

You don’t need to be on the actual console, but screen will reserve one and be available if you want to access it that way. It also doesn’t require selinux. So if you have that disabled or in permissive mode (unadvised!), then you can skip those steps. If you want to attach to it remotely, you should be able to with the usual screen -r tty7 and then detaching with C-a d should leave it running. If you need to restart the service for whatever reason, that could be done with systemctl restart getty@tty7.service (beware that this will kill all running processes in the existing screen session).

P.S. This would just be cosmetic, but if you want to be able to refer to the service as screen@tty7.service, you could add the following to the bottom of that override.conf file.

[Install]
Alias=screen@.service

Apologies if I’m misunderstanding or not explaining well.

This is how I did this today without using a user service:
The service file goes into /etc/systemd/system/ I used screen.service as the name:

[Unit]
Description=Screen Service
After=multi-user.target

[Service]
Type=forking
User="insert your username here"
ExecStart=/bin/bash -c "/usr/bin/screen -d -m -S d bash"
Remainonexit=true

[Install]
WantedBy=default.target

Enable the service and reboot.

This is what the environment looks like for me when run this way:

SHELL=/bin/bash
TERMCAP=SC|screen|VT 100/ANSI X3.64 virtual terminal:DO=\E[%dB:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:bs:bt=\E[Z:cd=\E[J:ce=\E[K:cl=\E[H\E[J:cm=\E[%i%d;%dH:ct=\E[3g:do=^J:nd=\E[C:pt:rc=\E8:rs=\Ec:sc=\E7:st=\EH:up=\EM:le=^H:bl=^G:cr=^M:it#8:ho=\E[H:nw=\EE:ta=^I:is=\E)0:li#24:co#80:am:xn:xv:LP:sr=\EM:al=\E[L:AL=\E[%dL:cs=\E[%i%d;%dr:dl=\E[M:DL=\E[%dM:dc=\E[P:DC=\E[%dP:im=\E[4h:ei=\E[4l:mi:IC=\E[%d@:ks=\E[?1h\E=:ke=\E[?1l\E>:vi=\E[?25l:ve=\E[34h\E[?25h:vs=\E[34l:ti=\E[?1049h:te=\E[?1049l:Km=\E[M:k0=\E[10~:k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:k5=\E[15~:k6=\E[17~:k7=\E[18~:k8=\E[19~:k9=\E[20~:k;=\E[21~:F1=\E[23~:F2=\E[24~:kh=\E[1~:@1=\E[1~:kH=\E[4~:@7=\E[4~:kN=\E[6~:kP=\E[5~:kI=\E[2~:kD=\E[3~:ku=\EOA:kd=\EOB:kr=\EOC:kl=\EOD:
WINDOW=0
EDITOR=/usr/bin/nvim
PWD=/
LOGNAME=grumpey
SYSTEMD_EXEC_PID=1530
HOME=/home/grumpey
LANG=en_US.UTF-8
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;37;41:su=37;41:sg=30;43:ca=00:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:.lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war=01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.avif=01;35:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.webp=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=01;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aac=01;36:.au=01;36:.flac=01;36:.m4a=01;36:.mid=01;36:.midi=01;36:.mka=01;36:.mp3=01;36:.mpc=01;36:.ogg=01;36:.ra=01;36:.wav=01;36:.oga=01;36:.opus=01;36:.spx=01;36:.xspf=01;36:~=00;90:#=00;90:.bak=00;90:.old=00;90:.orig=00;90:.part=00;90:.rej=00;90:.swp=00;90:.tmp=00;90:.dpkg-dist=00;90:.dpkg-old=00;90:.ucf-dist=00;90:.ucf-new=00;90:.ucf-old=00;90:.rpmnew=00;90:.rpmorig=00;90:.rpmsave=00;90:
INVOCATION_ID=50927da884714e6e815f766f58d9576f
MOZ_GMP_PATH=/usr/lib64/mozilla/plugins/gmp-gmpopenh264/system-installed
TERM=screen
LESSOPEN=||/usr/bin/lesspipe.sh %s
USER=grumpey
VISUAL=/usr/bin/nvim
SHLVL=1
DEBUGINFOD_URLS=https://debuginfod.fedoraproject.org/
JOURNAL_STREAM=8:34893
XDG_DATA_DIRS=/home/grumpey/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share/:/usr/share/
PATH=/home/grumpey/.local/bin:/home/grumpey/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
STY=1533.d
_=/usr/bin/env

I was also able to achieve the same results with:

[Unit]
Description=Screen Service with script
After=multi-user.target

[Service]
Type=forking
User=grumpey
ExecStart=/bin/bash -c "/home/grumpey/bin/screen.bash" 
Remainonexit=true

[Install]
WantedBy=default.target

screen.bash was:

#!/bin/bash
/bin/bash -c "/usr/bin/screen -d -m -S top bash -c top"
/bin/bash -c "/usr/bin/screen -d -m -S bash bash"

Thanks for an update
1.) Remainonexit shows me as

Unknown key name ‘Remainonexit’ in section ‘Service’, ignoring.

so I’ve used RemainAfterExit not sure if they were the same.
2.) screen starts normally, but when creating new screen window, it’s again without bash environment. Have you tried to create new window (CTRL a- c)? when entering the screen?

Thanks @glb. This is actually working :) Wow. This will ease up after reboots hassle on all servers. I presume that screen name can be changed and you defined it with %I in ExecStart?

Remainonexit was a typo. Thanks!

I had not. When I do, it has the same environment as the old window.

Out of curiosity does any of this change if you set bash as a login shell in ~/.screenrc
defshell -/bin/bash

Yeah, %I is just a placeholder for whatever is after the @ symbol in the service filename (getty@tty7.service) so if you ran, for example, cp -r /etc/systemd/system/getty@tty7.service.d /etc/systemd/system/getty@tty8.service.d then you would get another auto-starting screen session on tty8 and the session name would be “tty8” because of the %I substitution. But you can use whatever you want in place of the %I. You don’t have to name the screen sessions after the virtual terminal they are running on.


Yes it did change and environment is now present. I actually put it in /etc/screenrc as I started service as root. I assume it would load bash environment now regardless how I start it

Good call. It makes sense to make these screen sessions login shells, so I added that - to the SHELL=... line in my earlier example as well so that adding defshell -/bin/bash to /etc/screenrc should no longer be necessary for anyone who might find and use that example.


Thanks for the update @glb. What does - do when adding to the path? I’ve never seen it used before.

It causes your ~/.bash_profile script to be called instead of ~/.bashrc.

Excerpted from man bash:

INVOCATION
A login shell is one whose first character of argument zero is a -, or one started with the --login option.

An interactive shell is one started without non-option arguments (unless -s is specified) and without the -c option, whose standard input and error are both connected to terminals (as determined by isatty(3)), or one started with the -i option. PS1 is set and $- includes i if bash is interactive, allowing a shell script or a startup file to test this state.

The following paragraphs describe how bash executes its startup files. If any of the files exist but cannot be read, bash reports an error. Tildes are expanded in filenames as described below under Tilde Expansion in the EXPANSION section.

When bash is invoked as an interactive login shell, or as a non-interactive shell with the --login option, it first reads and executes commands from the file /etc/profile, if that file exists. After reading that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile, in that order, and reads and executes commands from the first one that exists and is readable. The --noprofile option may be used when the shell is started to inhibit this behavior.
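The two rules quoted from man bash, as an added example that is not part of the original thread: a leading - in argument zero marks a login shell, and a login shell executes only the first profile file it finds. The function names, the MARK variable and the temporary home directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Names and sample files are constructed.

# login_state ARGV0: start bash under the given argv[0] and report how it
# classified itself. --noprofile keeps any real startup file from running.
login_state() {
    bash -c 'exec -a "$1" bash --noprofile -c \
        "shopt -q login_shell && echo login || echo non-login"' _ "$1"
}

# make_home DIR: constructed home directory; each file records its own name.
make_home() {
    mkdir -p "$1"
    echo 'MARK=bash_profile' > "$1/.bash_profile"
    echo 'MARK=profile'      > "$1/.profile"
}

# profile_read HOME_DIR [bash options]: which personal profile a login shell
# executed, or "none".
profile_read() {
    home=$1; shift
    HOME=$home bash --login "$@" -c 'echo "${MARK:-none}"' 2>/dev/null | tail -n 1
}

demo=$(mktemp -d)
make_home "$demo"
echo "argv[0] -bash: $(login_state -bash)"
echo "argv[0]  bash: $(login_state bash)"
echo "login shell read: $(profile_read "$demo")"
rm -rf "$demo"
```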