?
Solved

TMOUT variable does not work on rbac and sftp.

Posted on 2010-08-25
3
Medium Priority
?
1,234 Views
Last Modified: 2013-11-17
Helo,

I've setup a TMOUT readonly variable on /etc/profile and it's working properly when users via ssh. The session is kicked afterr 1 hour of idle. But When I enter rbac I lost TMOUT variable. See below:

/etc/profile:
TMOUT=3600
readonly TMOUT

Loging via ssh and enter in rbac.
s03is@micro: /home/s03is # echo $TMOUT
3600
s03is@micro: /home/s03is # swrole admin
s03is's Password:
s03is@micro: /home/s03is # echo $TMOUT
0
s03is@micro: /home/s03is #

Or, I use eny client of sftp (windows or unix/linux) and TMOUT does not work.

Any hint?

Thanks.

0
Comment
Question by:sminfo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 33523339
Hiya!

You must export the TMOUT variable in order to get it passed into the subshell started by swrole.

/etc/profile:export TMOUT=3600
readonly TMOUT

wmp
0
 

Author Comment

by:sminfo
ID: 33523399
Jee, you rock man!.. working now....nothing about sftp?

Thanks..
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 2000 total points
ID: 33524128
There is no true "idle timeout" mechanism for ssh (and thus for sftp).

You could try the below in sshd_config, but Attention! It will be valid for all ssh sessions for all users, not only sftp:

ClientAliveCountMax 0
and
ClientAliveInterval 3600

With this setting the server will not "wake up" an inactive client and disconnect it after ClientAliveInterval seconds.

I know that it works for ssh sessions, but I never tried i with sftp. It should work however, I think.

The client must not have ServerAliveCountMax set to a value other than zero, else the above will be quashed!

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month11 days, 22 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question