Solved

How to limit logon tme for a user

Posted on 2004-05-01
16
682 Views
Last Modified: 2013-12-27
Hi All,
On solaris, if the logon user in not using his termainal or idle for sometime, How to kick him off from the system "security wise"?
Thanks
0
Comment
Question by:husamzm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
  • +3
16 Comments
 
LVL 21

Expert Comment

by:tfewster
ID: 10966485
Install idled - http://www.darkwing.com/idled/  - It's the best, most flexible method and handles all shells & connection methods
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10966634
some shells also support a autologout variable
Solaris also has a TCP/IP-idle-timout, default is 2 hours
0
 

Author Comment

by:husamzm
ID: 10970094
Thanks for the 3rd party hat can do that, but the system is critical that I can't install 3rd party S/W or I will lose the support. There is no built in tool in the Solaris O/S can do that?

Husam
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 48

Expert Comment

by:Tintin
ID: 10973858
ahoffman.

Which specific TCP parameter are you referrring to?  I'm not aware of any.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10977633
ndd /dev/tcp tcp_keepalive_interval
0
 

Author Comment

by:husamzm
ID: 10983239
tcp_keepalive_interval default value is 720000
this means 2 hours ? How ? and if we modify the value to less time, it will affect all system logins, but How to assign it to specific system logins, any idea?
thanks

Husam
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10983259
TCP keepalives won't logout a user.  It is an extension to the original TCP specification to send keepalives at regular intervals to keep TCP connections open.  Typically this is done from the client or application side, but given the proliferation of firewalls and general network devices that can silently drop connections idle for a certain period, the TCP keepalives are useful in these circumstances.

husamzm.

The closest you're going to get without installing additional software is the ability for ksh/bash users to automatically logout after the defined number of seconds in the TMOUT environment variable.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10984498
tcp_keepalive_interval is a kernel parameter, and so cannot be aplied to specific users and/or processes

>  TCP keepalives won't logout a user.
hmm, true, it won't logout.
But the connection is gone away. Is there a difference for the user if logged out, or no more connection ;-)
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10992626
ahoffmann,

Maybe I'm misunderstanding what you're saying, but I'm interpreting that you are saying that setting the tcp_keepalive_interval will drop a connection?

If so, then that is incorrect.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10993245
Tintin, please see http:Q_20978298.html
0
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 11047005
In  the ksh shell
is the

TMOUT=0

     TMOUT     If set to a value greater  than  zero,  the  shell
               will  terminate if a command is not entered within
               the prescribed number of seconds after issuing the
               PS1  prompt.  (Note that the shell can be compiled
               with a maximum bound for this value  which  cannot
               be exceeded.)

look

man ksh


0
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 11221961
File
/etc/default/login

# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
# abandoning a login session.
#
#TIMEOUT=300

If you make
TIMEOUT= 900
you have 900:60=15 minutes for timeout

for
#TIMEOUT=300
timeout is OFF
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11223852
keep in mind that not all shells support read-only variables, so there is nothing to restrict me doing

   unset TIMEOUT
   unset TMOUT
   unset autologout

;-)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11354083
valuable suggestions given, IMHO, no refund
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11387692
PAQed - no points refunded (of 50)

modulo
Community Support Moderator
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question