[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: (open) sshd timeout



Tim wrote:
> Yes they can.  They have write access to their own homespace, so they
> can change the files in there.  They can delete that file and create
> their own replacement.

The chattr +i command can fix that...

Once a file has been made immutable (by root), not even root can delete
or modify it until root removes the immutable flag.

Alternatively (and I haven't tried this), it should be possible to set
environment variables in /etc/profile and use typeset -r to prevent the
users from overwriting them. This should get around the previously
mentioned problem with the TMOUT environment variable being overwritten
in ~/.bash_profile. See man bash and search for typeset for details.

But I don't think that anyone has addressed the core question, "what
does the Original Poster mean by an 'idle' login"? For example, what
happens if someone goes into emacs, and then leaves emacs open? Or SSHes
into another system? Or uses tail -f to monitor an interesting logfile?

Until the original requirements have been *clearly* stated, all you can
do is hope you've mind-read what they really wanted correctly.

James.

-- 
E-mail address: james | "Does exactly what it says on the tin." ...
@westexe.demon.co.uk  | I've got a tin at home: it says "Open other end".
                      | It never is.
                      | -- Humphrey Lyttelton, "I'm Sorry, I Haven't A Clue"


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]