Jump to content

TMOUT [SOLVED]


Guest LocoMojo
 Share

Recommended Posts

Guest LocoMojo

Sincerest apologies if this is the wrong place to post the following.

 

What I am trying to do: Set a 3 minute idle shell timout for the su, but no timeout for users.

 

What I have tried: Went to drakconf > security > system options and set the shell timeout to 180.

 

Result: Set the shell timeout to 3 minutes for the su AND all users. That's not what I wanted. Then I tried resetting it back to default and it wouldn't cooperate, it stayed at 3 minutes no matter what I did. Relogged and rebooted, still stayed at 3 minutes. I kept trying different things and then it finally reset to default (0)...I'm not sure what I did.

 

Other things I've tried:

 

[prompt]# echo $TMOUT

0

[prompt]# printenv

Long list of environment variables, but TMOUT nowhere to be found.

 

[prompt]# export TMOUT=180

bash: TMOUT: readonly variable

[prompt]# echo $TMOUT

0

[prompt]# printenv

No TMOUT variable

[prompt]# unset TMOUT

bash: unset: TMOUT: cannot unset: readonly variable

 

Checked ~/.bashrc, ~/.bash_profile, /etc/profile, and /etc/profile.d/all files. No mention of TMOUT anywhere.

 

echo $TMOUT reads 0 (it also read 180 when I had it set to 180 earlier) so there's a TMOUT env variable somewhere...but where? :wall:

 

Any suggestions?

 

LocoMojo

 

[moved from Tips & Tricks by spinynorman - but don't worry about it. :)]

Link to comment
Share on other sites

root@laptop.home /home/omar 2234 25-Oct-04
> export TMOUT=180      
bash: TMOUT: readonly variable
root@laptop.home /home/omar 2234 25-Oct-04
> env | grep TMOUT
TMOUT=0
root@laptop.home /home/omar 2234 25-Oct-04
> echo $TMOUT     
0

 

I can't find it in anything either. I think it's compiled in (if that's possible).

Link to comment
Share on other sites

Checked ~/.bashrc, ~/.bash_profile, /etc/profile, and /etc/profile.d/all files. No mention of TMOUT anywhere.

 

This is what I have here in my system:

~# cat /etc/mandrake-release
Mandrake Linux release 10.0 (Official) for i586
~# grep TMOUT /etc/profile.d/*.sh
/etc/profile.d/msec.sh:[ -n "$TMOUT" ] && typeset -r TMOUT

 

So for doing what you want to do I'd do something like the follwoing:

 

(editing /etc/profile.d/msec.sh):
if [  "$USER" == "root" ]; then
  [ -n "$TMOUT" ] && typeset -r TMOUT=180 
else
  [ -n "$TMOUT" ] && typeset -r TMOUT=0
fi

 

of course the above code can be optimized easily, but is just to show what you can do.

 

Also is true that the code will only work if you launch 'su' as a login shell by typing 'su -' otherwise you won't be in a login's shell so you won't be using root's environment variables (search in this forum for what is a login shell if you are confused at this point).

 

hence here is what you should get if you put my code in msec.sh:

 user ~$ echo $TMOUT
0
user ~$ su -
Password:
root ~# echo $TMOUT
180
root ~#

 

HTH

Edited by aru
Link to comment
Share on other sites

Guest LocoMojo

Hi all,

 

I finally figured it out. Rather than rehash everything I did, I'll just cut and paste notes that I made to myself as I was trying to solve this one. I kept notes in case I needed to backtrack and reset what I changed.

 

--snip--

 

Oct. 27th, 2004

 

Removed line: "TMOUT=0" from /etc/sysconfig/msec

Added line: "TMOUT=60" to root .bashrc

Added line: "TMOUT=0" to ~/ .bashrc, but then caused conflict

with root's .bashrc.

 

Removed "TMOUT=0" from ~/ .bashrc.

 

Effect: One minute idle timeout for su login. No change for user.

Reason: Security due to forgetting to exit from su login.

 

Oct. 28th, 2004

 

UPDATE: Found that /usr/share/msec/level.2 was maybe rewriting

/etc/sysconfig/msec with TMOUT=0?

 

Solution?: Edited /usr/share/msec/level.2 by commenting out

the following line:

 

#set_shell_timeout 0

 

UPDATE: Still not working right. /usr/share/msec/level.2 is not writing to /etc/sysconfig/msec after all. Maybe su is running msec level.1?

Edited /usr/share/msec/level.1 by commenting out

the following line:

 

#set_shell_timeout 0

 

UPDATE: Still not working.

 

/usr/share/msec/msec.py seems to be the culprit rewriting

the /etc/sysconfig/msec file.

 

Edited /usr/share/msec/msec.py by commenting out

set_shell_timeout(0) as follows:

 

# differences between level 5 and others

if level == 5:

set_root_umask('077')

set_shell_timeout(900)

authorize_services(NONE)

enable_pam_wheel_for_su(yes)

password_history(5)

else:

set_root_umask('022')

if level == 4:

set_shell_timeout(3600)

authorize_services(LOCAL)

else:

# set_shell_timeout(0)

authorize_services(ALL)

enable_pam_wheel_for_su(no)

password_history(0)

 

--end snip--

 

So now I know it's the /usr/share/msec/msec.py that's been giving me the headaches.

 

I now have the su login timing out after 1 minute of idle time and the regular user is not affected. I really needed this because I'm terrible at remembering to exit out of su.

 

Resolved :)

 

Onwards to new problems, i.e., file association changes don't keep over logouts...grrrr!

 

Thanks all for your input!

 

LocoMojo

Link to comment
Share on other sites

Guest LocoMojo

Hi again all,

 

I said:

 

"Onwards to new problems, i.e., file association changes don't keep over logouts...grrrr!"

 

I've been fighting this one for a while, but then I tackled it again just after posting my previous post.

 

I found out that file association changes are held in RAM so they don't become permanent over logouts or reboots. Wonder why they did that?

 

Anyway, I learned about a command which makes file association changes permanent.

 

kbuildsycoca --noincremental

 

I did this and then logged out and in again and voila, problem solved :)

 

I'm on a roll.

 

Now if only I can get applications to stop freezing on my kicker which leads to disappearing open apps forcing me to log out and in again...

 

LocoMojo

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...