1834019 Members
2970 Online
110063 Solutions
New Discussion

Enforcing shell timeout?

 
Alex Georgiev
Regular Advisor

Enforcing shell timeout?

Does anyone have a creative & elegant way of enforcing shell timeouts for users?

Currently I'm doing it by executing 'typeset -r TMOUT=' in the /etc/profile. This prevents the user from unsetting the TMOUT variable, or from editing their own .profile and changing it.

Unfortunately it also prevents them from specifying a shorter timeout, if they wish to do so. Plus, it seems to conflict with certain apps that try to modify it.
4 REPLIES 4
Peter Nikitka
Honored Contributor

Re: Enforcing shell timeout?

Hi,

you'll have to use some scripting.
I would look for an optional config file ~/.tmout
where the user could specify something like
TMOUT=nnn

and in /etc/profile use something like this:
tmout_default=1024
if [ -s $HOME/.tmout ]
then
usrtmout=$(awk -F= '$1=="TMOUT" {print $2}' $HOME/.tmout)
[ "$usrtmout" -gt $tmout_default ] && unset usrtmout
if
typeset -r TMOUT=${usrtmout:-$tmout_default}

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
Alex Georgiev
Regular Advisor

Re: Enforcing shell timeout?

Yes, that's a good idea. A ~/.tmout would work.

Any other ideas for how to do that?

P.S. Something that went though my mind is to compile the shell from source, but edit the source code beforehand and hard code a maximum value in there. The problem with that is that I might only be able to do it for bash & tcsh, since I'm not sure if I can find the source for the HP-UX ksh & dtksh.

Also, there's alway the possibility that I'll mess up and create bugs. Haven't done any serious coding in a while...
James R. Ferguson
Acclaimed Contributor

Re: Enforcing shell timeout?

Hi Alex:

> Something that went though my mind is to compile the shell from source, but edit the source code beforehand and hard code a maximum value in there. The problem with that is that I might only be able to do it for bash & tcsh, since I'm not sure if I can find the source for the HP-UX ksh & dtksh.

You won't be able to obtain the source for HP-UX released versions.

That aside, I've "been-there-done-that" in "another life" many years ago. As a then mainframe systems programmer I had source code and was used to developing patches as work-arounds and customizations. The problem was always re-engineering the patch and re-certifying it as new releases and vendor-supplied enhancements appeared.

Put your creative efforts to use in another way. Peter's suggestion is a good one.

Regards!

...JRF...
Peter Nikitka
Honored Contributor

Re: Enforcing shell timeout?

Hi,

additionally you should check the setting of a user-timeout not being zero: This could mean NO timeout in some shells!

mfG Peter

PS: Of course you could permit this as a 'feature'...
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"