HPE Community
Operating System - HP-UX
1834570 Members
3805 Online
110069 Solutions
New Discussion

User logon session doesn’t expire, even if left the system logged on for a long time.

 
SOLVED
Go to solution
James R. Ferguson
Acclaimed Contributor

‎06-18-2009 09:08 AM

‎06-18-2009 09:08 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi (again):

If, in your login profile wrote:

export TMOUT=[10]

Then that is _wrong_ and will generate a syntax error! Worse yet, this stops the processing of the profile such that if you had below it:

TMOUT=10
readonly TMOUT
export TMOUT

...this last three lines would not be processed!

SIMPLY add to your profile:

readonly TMOUT=10;export TMOUT

Regards!

...JRF...




Reply
OldSchool
Honored Contributor

‎06-18-2009 11:22 AM

‎06-18-2009 11:22 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

once again!

for the hpux box that is giving you problems:
1) check the password file to see which shell is actually being run
2) check the "man" page for that shell to see if TMOUT is supported.

you mentioned 10.20. That *might* be the Bourne shell, which isn't posix or bash. If so, that's not going to work.
Reply
Michael Steele_2
Honored Contributor

‎06-18-2009 01:32 PM

‎06-18-2009 01:32 PM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

note: TMOUT=0 is indefinite, never log out.
Support Fatherhood - Stop Family Law
Reply
senthil_kumar_1
Super Advisor

‎06-19-2009 06:57 AM

‎06-19-2009 06:57 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi All,

I am using HP-UX 11.11.

I am setting this for root user

root user shell /sbin/sh

When i used "#man sh", it is showing that POSIX shell.

Hi James,

I tried following also in /root/.profile file

readonly TMOUT=10;export TMOUT

But it is not working.


My echo output

root@lgsna:/root > echo $TMOUT
0


Do we need to restart the server after updating "/root/.profile"?

Actually i exited the root user and relogined by root user into the server.?

Is it ok?

0 Kudos
Reply
Sunny123_1
Esteemed Contributor

‎06-19-2009 07:09 AM

‎06-19-2009 07:09 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi Senthil

Yes it is ok .No need to reboot the server.

Regards
Sunny
Reply
James R. Ferguson
Acclaimed Contributor

‎06-19-2009 07:16 AM

‎06-19-2009 07:16 AM

Solution

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi (again):

> I tried following also in /root/.profile file:
readonly TMOUT=10;export TMOUT
But it is not working.
My echo output
root@lgsna:/root > echo $TMOUT
0
Do we need to restart the server after updating "/root/.profile"?


No, you do not need to logout once you set TMOUT. In fact, login and enter at the command line:

readonly TMOUT=10;export TMOUT

That is, don't worry about updating your profile. Instead let's prove that you can make this work at the commandline.

This should cause your session to display "Shell will time out in 60 seconds.".

Wait and see if it is logged out.

By the way, though release 11.11, the _old" Bourne shell can be found in '/usr/old/bin/sh'. Too, this is where you would have found it on 10.20.

Regards!

...JRF...
Regards!

...JRF...
Reply
senthil_kumar_1
Super Advisor

‎06-20-2009 08:27 AM

‎06-20-2009 08:27 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi James,

Yes, It "readonly TMOUT=10;export TMOUT" is working.

But How why it is not working when i set in /etc/profile.

How to set default value for TMOUT automatically.(How avoid entering this each time after logged in).


What is the corporate standard time for TMOUT?.


0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎06-20-2009 11:07 AM

‎06-20-2009 11:07 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi (again):

> But How why it is not working when i set in /etc/profile.

If your account's shell isn't the Posix or Korn ('ksh') shell, then '/etc/profile' and '.profile' aren't used. This wouldn't be the case for HP-UX and the root account which is what you seem to be having trouble with.

One way to see this behavior would be if you have a syntax error that causes the profile to stop begin sourced before you reach your TMOUT declaration.

Hence, please post the whole profile file with the TMOUT declaration that you can't make work.

> What is the corporate standard time for TMOUT?

No. In fact, there is no requirement for it to be used. You should define your own standard suitable to your environment.

Regards!

...JRF...
Reply
Dennis Handly
Acclaimed Contributor

‎06-20-2009 11:11 AM

‎06-20-2009 11:11 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

>"readonly TMOUT=10; export TMOUT" is working.
>why it is not working when I set in /etc/profile? How to set default value for TMOUT automatically?

Adding it to /etc/profile should do it. When you login, what does "echo $TMOUT" show?

>What is the corporate standard time for TMOUT?

Whatever your company decides.
Reply
senthil_kumar_1
Super Advisor

‎06-22-2009 06:50 AM

‎06-22-2009 06:50 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Is there any possibility to lock (telnet / rlogin / ssh ) session instead of exit.

since if it is exiting automatically then we can not get the screen output.

Actually I want to secure (telnet / rlogin / ssh ) sessions if they are not being used for particular time period.

0 Kudos
Reply
OldSchool
Honored Contributor

‎06-22-2009 07:25 AM

‎06-22-2009 07:25 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

"Is there any possibility to lock (telnet / rlogin / ssh ) session instead of exit.

since if it is exiting automatically then we can not get the screen output.

Actually I want to secure (telnet / rlogin / ssh ) sessions if they are not being used for particular time period."

which is totally different from what you've been asking about all along. There is no "locking" mechanism for telnet / rlogin / ssh based on an individual session. I'm not sure what "since if it is exiting automatically then we can not get the screen output." has to do with anything, either the user is sitting "idle" at the 1st level command prompt or they aren't. If everybody uses Windows with telnet or putty, you might be able to do something at that end to force a lock, but I've not tried. You wouldn't be controlling that at the Unix side anyway, so a idle telnet session wouldn't be secured it the user was doing something else (say working on a spreadsheet). Real, honest to goodness, dumb glass terminals would pose an issue as well.

you might however be able to do something with traps to catch the exit event and do something to "print" the screen. Again, I've not tried that.

you might try describing the problem you are trying to solve (in detail) instead. depending on the underlying issue, there may be other (or better) ways to solve it.
Reply
Sunny123_1
Esteemed Contributor

‎06-22-2009 07:31 AM

‎06-22-2009 07:31 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi

What actually you want???You want to block telnet or ssh or rlogin???


Regards
Sunny
Reply
OldSchool
Honored Contributor

‎06-22-2009 07:40 AM

‎06-22-2009 07:40 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Sunny, Senthil said: "Is there any possibility to lock (telnet / rlogin / ssh ) session instead of exit."

I take that as something similar to "locking" a MS-Windows screen (ie Ctl-Alt-Del, "Lock Computer"), or the "Lock Terminal" button in X-Windows / CDE. But, I could be wrong.

He's doen't appear to be trying to "block" telnet (bad), rlogin (bad), or ssh. Just control the amount of time a terminal sits idle at a command prompt.
Reply
senthil_kumar_1
Super Advisor

‎06-22-2009 09:17 AM

‎06-22-2009 09:17 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Yes Oldschool you are correct.


"since if it is exiting automatically then we can not get the screen output".


For example, we were executing some commands, after that we went for lunch.
now it is exited automatically. so we can not find what are the commands we executed and what are outputs they given when we come back after finishing the lunch.


0 Kudos
Reply
Mel Burslan
Honored Contributor

‎06-22-2009 10:09 AM

‎06-22-2009 10:09 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

thil,

in order to track the commands issued from terminal and their output, just before starting this activity, issue the command

script -a myterminal.log

this will open a subshell and log all the screen i/o including esc, backspace or any other control characters you have typed, into the myterminal.log file (-a option is for appending to the existing log file, skip that and new log file will be created) This is to keep the output of automatically timed out session. On the other hand, I do not know any way to lock the screen which was idle for too long. Even if you can find an aftermarket application, I am sure it will be more shell dependent than the TMOUT variable. So, the best way is to lock your windows PC where you are running terminal emulation on, as windows has been designed for this kind of activity, or of course use CDE and have the same screen lock functionality.

Hope this helps.
________________________________
UNIX because I majored in cryptology...
Reply
Michael Steele_2
Honored Contributor

‎06-22-2009 10:21 AM

‎06-22-2009 10:21 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Mel

You know that's an excellent idea. Add a script command into every .profile to track commands.

Great idea!
Support Fatherhood - Stop Family Law
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎06-22-2009 10:24 AM

‎06-22-2009 10:24 AM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi (again) Senthil:

> Is there any possibility to lock (telnet / rlogin / ssh ) session instead of exit. since if it is exiting automatically then we can not get the screen output.

You could use 'lock' to secure (lock) your terminal. When you enter 'lock' you are prompted for a password of your choice. Once you repeat the password, the terminal is locked. You unlock it only by typing the password you used to lock it or by killing the session. If you wish, processes can continue to run in the background and will output to the screen. No input will be allowed other than the password to unlock the session, though.

Regards!

...JRF...

Reply
Mel Burslan
Honored Contributor

‎06-22-2009 08:03 PM

‎06-22-2009 08:03 PM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Michael,

>Mel
>
>You know that's an excellent idea. Add a
>script command into every .profile to track
>commands.
>
>Great idea!

I am not sure if this meant to be cynicism or not, but if you are leaving a session alone, knowing that it will most probably die before you come back but at the same time you want to know what message it spitted out the last, before it went sideways, script is a very good little tool in my opinion. I am saying it has to be inserted in every profile but can be used whenever it is warranted.

My 2 cents
________________________________
UNIX because I majored in cryptology...
Reply
Suraj K Sankari
Honored Contributor

‎06-22-2009 08:28 PM

‎06-22-2009 08:28 PM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi,

>>we were executing some commands, after that we went for lunch.
now it is exited automatically. so we can not find what are the commands we executed and what are outputs they given when we come back after finishing the lunch.

I think you are using putty or some other third party software to connect to your server, once you issue a command and go for lunch at the same time you can lock your laptop or desktop's sereen with Alt+Ctrl+Del.
when you came back from lunch you can unlock your screen and you can check all the commands at your putty screen.

Suraj
0 Kudos
Reply
sarfaraj ahmad
Trusted Contributor

‎06-22-2009 09:17 PM

‎06-22-2009 09:17 PM

Re: User logon session doesn’t expire, even if left the system logged on for a long time.

Hi All,

It's definitely a good idea but you have to be track the size of this log file. if user is doing huge transaction and activity then this file will increase heavily and may increase the usage of mount point but if there is no space issue then its ok.

thanks.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.