Decisions in Unix.

dhb at rayssd.UUCP dhb at rayssd.UUCP
Tue May 15 03:25:54 AEST 1984 

Personally, I feel that whenever a choice must be made in how  to
implement a particular feature, or even which of several possible
features to implement, there MUST be a valid rationale.   In  the
particular  case  of  timeouts vs. asking for the password again,
there are several things that  must  be  considered.   First  and
foremost  is  the question of what is the intended purpose of the
change?  At our site we added timeouts because we have  40  ports
on  the  machine  serving  a user community of approximately 200.
Our main concern was to get people who were just sitting idle  at
their  terminals  off  the system.  If your machine has plenty of
ports available but you are concerned about security, then asking
for  the  password  might  be  a valid approach to take.  Another
thing to consider is how much time do you want  to  spend  making
the changes.  A fixed time limit on entering a command can be ad-
ded to either the Bourne or C shells in as few as three  or  four
lines  of  code.   Password checking is going to require a little
more thought.  One last thing  to  consider  in  this  particular
case:  on reading through the code for the Bourne shell one finds
that the timeout feature was in there at one point in time ( con-
trolled by an environment variable) but has now been taken out.

A closing side note to any other site out there that might be im-
plementing timeouts in the shell.  As I said above, our main con-
cern was getting people off the system.  When I made the  changes
to  the  two shells to have timeouts, I did it through control of
an  environment variable.  To make sure that no clever users  set
there  timeouts to four days or zero, I added a check to only al-
low values between 1 and 15 minutes.   Since  I  didn't  want  to
clutter  up the code that sets the variables what I did was check
the value just before I wanted to use it and if it wasn't  within
the  proper  range,  reset  it to a default value.  By the way, I
also allowed  'root' to set the value to zero so that single user
mode would not automatically time out after 15 minutes.
-- 
	Dave Brierley
	Raytheon Co.; Portsmouth RI; (401)-847-8000 x4073
	...!decvax!brunix!rayssd!dhb
	...!allegra!rayssd!dhb
	...!linus!rayssd!dhb

More information about the Comp.unix.wizards mailing list