Guest LocoMojo Posted October 25, 2004 Report Share Posted October 25, 2004 Sincerest apologies if this is the wrong place to post the following. What I am trying to do: Set a 3 minute idle shell timout for the su, but no timeout for users. What I have tried: Went to drakconf > security > system options and set the shell timeout to 180. Result: Set the shell timeout to 3 minutes for the su AND all users. That's not what I wanted. Then I tried resetting it back to default and it wouldn't cooperate, it stayed at 3 minutes no matter what I did. Relogged and rebooted, still stayed at 3 minutes. I kept trying different things and then it finally reset to default (0)...I'm not sure what I did. Other things I've tried: [prompt]# echo $TMOUT 0 [prompt]# printenv Long list of environment variables, but TMOUT nowhere to be found. [prompt]# export TMOUT=180 bash: TMOUT: readonly variable [prompt]# echo $TMOUT 0 [prompt]# printenv No TMOUT variable [prompt]# unset TMOUT bash: unset: TMOUT: cannot unset: readonly variable Checked ~/.bashrc, ~/.bash_profile, /etc/profile, and /etc/profile.d/all files. No mention of TMOUT anywhere. echo $TMOUT reads 0 (it also read 180 when I had it set to 180 earlier) so there's a TMOUT env variable somewhere...but where? Any suggestions? LocoMojo [moved from Tips & Tricks by spinynorman - but don't worry about it. :)] Quote Link to comment Share on other sites More sharing options...
Steve Scrimpshire Posted October 26, 2004 Report Share Posted October 26, 2004 root@laptop.home /home/omar 2234 25-Oct-04 > export TMOUT=180 bash: TMOUT: readonly variable root@laptop.home /home/omar 2234 25-Oct-04 > env | grep TMOUT TMOUT=0 root@laptop.home /home/omar 2234 25-Oct-04 > echo $TMOUT 0 I can't find it in anything either. I think it's compiled in (if that's possible). Quote Link to comment Share on other sites More sharing options...
aru Posted October 26, 2004 Report Share Posted October 26, 2004 (edited) Checked ~/.bashrc, ~/.bash_profile, /etc/profile, and /etc/profile.d/all files. No mention of TMOUT anywhere. This is what I have here in my system: ~# cat /etc/mandrake-release Mandrake Linux release 10.0 (Official) for i586 ~# grep TMOUT /etc/profile.d/*.sh /etc/profile.d/msec.sh:[ -n "$TMOUT" ] && typeset -r TMOUT So for doing what you want to do I'd do something like the follwoing: (editing /etc/profile.d/msec.sh): if [ "$USER" == "root" ]; then [ -n "$TMOUT" ] && typeset -r TMOUT=180 else [ -n "$TMOUT" ] && typeset -r TMOUT=0 fi of course the above code can be optimized easily, but is just to show what you can do. Also is true that the code will only work if you launch 'su' as a login shell by typing 'su -' otherwise you won't be in a login's shell so you won't be using root's environment variables (search in this forum for what is a login shell if you are confused at this point). hence here is what you should get if you put my code in msec.sh: user ~$ echo $TMOUT 0 user ~$ su - Password: root ~# echo $TMOUT 180 root ~# HTH Edited October 26, 2004 by aru Quote Link to comment Share on other sites More sharing options...
Steve Scrimpshire Posted October 26, 2004 Report Share Posted October 26, 2004 Whoa. I thought I grepped everything. Shows why aru is the king. Quote Link to comment Share on other sites More sharing options...
aru Posted October 26, 2004 Report Share Posted October 26, 2004 No I'm not, I've just used grep to the only places where TMOUT can be placed, the bash configuration files :) Quote Link to comment Share on other sites More sharing options...
ramfree17 Posted October 27, 2004 Report Share Posted October 27, 2004 i agree with aru on this one, he is not the king. he is just the resident bash nut. anyway, this is a good tip. (*hint*, *hint*, *hint*) ;) ciao! Quote Link to comment Share on other sites More sharing options...
Guest LocoMojo Posted October 30, 2004 Report Share Posted October 30, 2004 Hi all, I finally figured it out. Rather than rehash everything I did, I'll just cut and paste notes that I made to myself as I was trying to solve this one. I kept notes in case I needed to backtrack and reset what I changed. --snip-- Oct. 27th, 2004 Removed line: "TMOUT=0" from /etc/sysconfig/msec Added line: "TMOUT=60" to root .bashrc Added line: "TMOUT=0" to ~/ .bashrc, but then caused conflict with root's .bashrc. Removed "TMOUT=0" from ~/ .bashrc. Effect: One minute idle timeout for su login. No change for user. Reason: Security due to forgetting to exit from su login. Oct. 28th, 2004 UPDATE: Found that /usr/share/msec/level.2 was maybe rewriting /etc/sysconfig/msec with TMOUT=0? Solution?: Edited /usr/share/msec/level.2 by commenting out the following line: #set_shell_timeout 0 UPDATE: Still not working right. /usr/share/msec/level.2 is not writing to /etc/sysconfig/msec after all. Maybe su is running msec level.1? Edited /usr/share/msec/level.1 by commenting out the following line: #set_shell_timeout 0 UPDATE: Still not working. /usr/share/msec/msec.py seems to be the culprit rewriting the /etc/sysconfig/msec file. Edited /usr/share/msec/msec.py by commenting out set_shell_timeout(0) as follows: # differences between level 5 and others if level == 5: set_root_umask('077') set_shell_timeout(900) authorize_services(NONE) enable_pam_wheel_for_su(yes) password_history(5) else: set_root_umask('022') if level == 4: set_shell_timeout(3600) authorize_services(LOCAL) else: # set_shell_timeout(0) authorize_services(ALL) enable_pam_wheel_for_su(no) password_history(0) --end snip-- So now I know it's the /usr/share/msec/msec.py that's been giving me the headaches. I now have the su login timing out after 1 minute of idle time and the regular user is not affected. I really needed this because I'm terrible at remembering to exit out of su. Resolved :) Onwards to new problems, i.e., file association changes don't keep over logouts...grrrr! Thanks all for your input! LocoMojo Quote Link to comment Share on other sites More sharing options...
Guest LocoMojo Posted October 30, 2004 Report Share Posted October 30, 2004 Hi again all, I said: "Onwards to new problems, i.e., file association changes don't keep over logouts...grrrr!" I've been fighting this one for a while, but then I tackled it again just after posting my previous post. I found out that file association changes are held in RAM so they don't become permanent over logouts or reboots. Wonder why they did that? Anyway, I learned about a command which makes file association changes permanent. kbuildsycoca --noincremental I did this and then logged out and in again and voila, problem solved :) I'm on a roll. Now if only I can get applications to stop freezing on my kicker which leads to disappearing open apps forcing me to log out and in again... LocoMojo Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.