HPE Community
Operating System - HP-UX
1834448 Members
1974 Online
110067 Solutions
New Discussion

readonly environment variables in csh?

 
Gordon Morrison_1
Regular Advisor

‎01-28-2005 02:08 AM

‎01-28-2005 02:08 AM

readonly environment variables in csh?

In ksh/posix I can do this in /etc/profile:
TMOUT=3600
readonly TMOUT
export TMOUT

This will prevent users from changing their TMOUT value, and automatically log them out after 1 hour of inactivity.
The csh equivalent of TMOUT is autologout, but is there a way to make it readonly?
What does this button do?
0 Kudos
7 REPLIES 7
Steven E. Protter
Exalted Contributor

‎01-28-2005 02:52 AM

‎01-28-2005 02:52 AM

Re: readonly environment variables in csh?

I just ran the c-shell.

It totally ignored the TMOUT value I have in /etc/profile

Further it ignored my attempts to set it manually.

You may wish to try and set it in the .csh equivalent of .profile.

This probably won't work either.

Note also that TMOUT will not log users out that have an app running. Even something as simple as top will let the user remain logged on indefinitely.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Sanjay_6
Honored Contributor

‎01-28-2005 03:09 AM

‎01-28-2005 03:09 AM

Re: readonly environment variables in csh?

Hi,

For csh, i think this should work.

Disable autologout,
# set autologout=0

unset the value set for autologout.
# unset autologout

To set the value to 60 minutes,
#set autologout=60

this i what i find.

/Quote/

With C shell (csh), the autologout variable is set to 60 minutes by default. To disable it, you must explicitly unset the variable or set it to 0. Modify /etc/csh.login to change this on a system-wide basis, or modify .cshrc in the user's home directory. autologout must be specified in all lower-case characters.

/EndQuote/

hope this helps.

Regds


0 Kudos
Gordon Morrison_1
Regular Advisor

‎01-28-2005 03:15 AM

‎01-28-2005 03:15 AM

Re: readonly environment variables in csh?

Thanks, I found the same man page, What I want to know is, is there a way to prevent users from changing the value of autologout that I set in /etc/csh.login ?
What does this button do?
0 Kudos
Bill Hassell
Honored Contributor

‎01-28-2005 04:14 AM

‎01-28-2005 04:14 AM

Re: readonly environment variables in csh?

TMOUT has no effect in csh since csh is unrelated to any POSIX shell. Your csh needs a patch in order to provide the readonly attribute for variables. The way you get the patch put on is to run the following command:

chsh user_name /usr/bin/sh

Now both the readonly attribute and the TMOUT variable will work reliably, and you'll gain access to the world of POSIX shells. For reference:
http://www.faqs.org/faqs/unix-faq/shell/csh-whynot/

8-)


Bill Hassell, sysadmin
0 Kudos
Gordon Morrison_1
Regular Advisor

‎01-28-2005 04:30 AM

‎01-28-2005 04:30 AM

Re: readonly environment variables in csh?

LOL!
6 points to Bill for making me laugh!:o)

I haven't used csh since I discovered ksh, nor would I go back to it. Unfortunately, I administer systems with lusers who DO use csh, and I want to prevent them from leaving themselves logged in all night/weekend (Not that I have anything against our office cleaners, but I don't want them fiddling with anything if temptation is left in their way).

If I put the line:
setenv autologout 60
in
/etc/csh.login
then it should automatically logout any idle C shells with no child processes after 60 minutes.
BUT, there's nothing to stop the csh lusers from typing:
setenv autologout 0
or
unset autologout
when they get fed up with having to login again every morning.

I want to stop them from changing the value of autologout.
Unfortunately, re-education on the joys of POSIX/ksh is likely to be resisted.
What does this button do?
0 Kudos
Bill Hassell
Honored Contributor

‎01-28-2005 05:21 AM

‎01-28-2005 05:21 AM

Re: readonly environment variables in csh?

Actually, for bad programmers, (there's so few of them though...) even a readonly attribute for autologout won't work--they just type: vi and go home. The shell timeout is exactly that: a shell timeout. It only works at the shell prompt. Start an application and the time stops because the shell is waiting.

One way to track down truly idle users is the who -u command where the 4th field (right after the date) is the tty or terminal activity. It will contain 3 possible values:

. = currently active during the last minute
old = no keyboard activity in more than 24 hours
hh:mm = hours:minutes since last keyboard activity

So kill anyone that has "old" in the activity field. Oh, unless they are running a program that takes 30 hours to complete and the program wasn't put into the background (or other similar situations).

As you can see, we sysadmins end up trying to solve behavioral problems with social engineering like forcing lazy users to log off and there will always be exceptions...


Bill Hassell, sysadmin
0 Kudos
Gordon Morrison_1
Regular Advisor

‎01-30-2005 08:51 PM

‎01-30-2005 08:51 PM

Re: readonly environment variables in csh?

I got so fed up with going around killing 'old' logins, I put a kill_old_users function in the daily system checks, but as I am currently creating a new security-conscious "standard build", I thought I'd use the built-in features to do this. It seems there's no way to make it read-only in csh.
Oh, well. Thanks for your replies.
What does this button do?
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.