HPE Community
Operating System - HP-UX
1752800 Members
5915 Online
108789 Solutions
New Discussion

User logon session doesn’t expire, even if left the system logged on for a long time.

 
SOLVED
Go to solution
senthil_kumar_1
Super Advisor

‎06-16-2009 07:37 AM

‎06-16-2009 07:37 AM

User logon session doesn’t expire, even if left the system logged on for a long time.

Hi

I am using Hpux and linux (redhat and suse).

How to make expiring the system automatically for terminal login [hpux (rlogin / telnet) and linux (ssh)] and xmanger / vnc login (GUI).


how to solve this problem.

0 Kudos
Reply
44 REPLIES 44
Steven E. Protter
Exalted Contributor

‎06-16-2009 07:48 AM

‎06-16-2009 07:48 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Shalom,

set the TMEOUT paramter.

This will work for terminal sessions.

But if you run an application after that it will not time out because most applications keep the terminal session thinking there is activity unless they themselves have idle time outs.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
OldSchool
Honored Contributor

‎06-16-2009 07:58 AM

‎06-16-2009 07:58 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Depends upon the shell (bash, bourne shell, ksh, csh or ??) the user isrunning, not the method of getting it (ssh/telnet/rlogin)

posix, ksh and bash have the TMOUT variable. Note this only works when the the user is sitting at a "PS1" prompt. If they've left something open, say "vi" or an app, I don't believe this works.

sh and csh don't have that ability at all as far as I can tell.

CDE / graphical sessions, see:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1254173
Reply
Mel Burslan
Honored Contributor

‎06-16-2009 08:06 AM

‎06-16-2009 08:06 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

As Old school suggested, the TMOUT variable is only applicable to a handful of shells and if you seem busy, like editing a file in vi, even if you are performing no activity, it prevents the timeout from taking effect.

Our network team has a more drastic solution to this problem. I can not say I like the way they do it but security guidelines force them to kill any sessions which are inactive for more than 3600 seconds, by killing the connection between the server and the client. It caused a lot of headaches for long running installations and such, but a necessary evil in my opinion. It is all done at the firewall level and we, as sysadmins, have no control over it. If you have an audit requirement for doing this, talk to your firewall people.
________________________________
UNIX because I majored in cryptology...
Reply
Dennis Handly
Acclaimed Contributor

‎06-16-2009 08:40 AM

‎06-16-2009 08:40 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

>OldSchool: sh and csh don't have that ability at all as far as I can tell.

sh == posix shell on HP-UX.
Hmm, I thought the scummy C shell has a similar variable but I can't find it.
Reply
James R. Ferguson
Acclaimed Contributor

‎06-16-2009 08:44 AM

‎06-16-2009 08:44 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi:

For that scummy C-shell the equivalent of the Posix TMOUT is 'autologout'.

Regards!

...JRF...
Reply
senthil_kumar_1
Super Advisor

‎06-16-2009 08:51 AM

‎06-16-2009 08:51 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi

I am using following shells

sh - for HP-Unix
bash - for linux (redhat / suse).

How, where (which file) and what parameter to be set for above mentioned OS.
0 Kudos
Reply
Michael Steele_2
Honored Contributor

‎06-16-2009 08:57 AM

‎06-16-2009 08:57 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

TMOUT for posix, HP-UX sh. To check current value, echo $TMOUT from command line. To automate for all users, /etc/profile and add a line anywhere like so:

export TMOUT=3600 (* in seconds, always. 3600 = one hour *)

Support Fatherhood - Stop Family Law
Reply
Dennis Handly
Acclaimed Contributor

‎06-16-2009 09:01 AM

‎06-16-2009 09:01 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

>Michael: export TMOUT=3600 (* in seconds, always. 3600 = one hour *)

If you use the following you don't have to document it: ;-)
export TMOUT=$(( 1 * 60 * 60 ))

If you are feeling really evil, you can make the variable readonly so users can't change it.
readonly TMOUT
Reply
James R. Ferguson
Acclaimed Contributor

‎06-16-2009 09:06 AM

‎06-16-2009 09:06 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi (again) Senthil:

For your 'bash' shell, 'TMOUT' should also apply. Set it as you see fit in your '${HOME}/.bashrc'.

Regards!

...JRF...
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.