Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 5/3/83; site rayssd.UUCP Path: utzoo!watmath!clyde!akgua!mcnc!decvax!harpo!ulysses!allegra!rayssd!dhb From: dhb@rayssd.UUCP Newsgroups: net.unix-wizards Subject: Re: Decisions in Unix. Message-ID: <458@rayssd.UUCP> Date: Mon, 14-May-84 13:25:54 EDT Article-I.D.: rayssd.458 Posted: Mon May 14 13:25:54 1984 Date-Received: Wed, 16-May-84 03:13:23 EDT Organization: Raytheon Co., Portsmouth RI Lines: 39 Personally, I feel that whenever a choice must be made in how to implement a particular feature, or even which of several possible features to implement, there MUST be a valid rationale. In the particular case of timeouts vs. asking for the password again, there are several things that must be considered. First and foremost is the question of what is the intended purpose of the change? At our site we added timeouts because we have 40 ports on the machine serving a user community of approximately 200. Our main concern was to get people who were just sitting idle at their terminals off the system. If your machine has plenty of ports available but you are concerned about security, then asking for the password might be a valid approach to take. Another thing to consider is how much time do you want to spend making the changes. A fixed time limit on entering a command can be ad- ded to either the Bourne or C shells in as few as three or four lines of code. Password checking is going to require a little more thought. One last thing to consider in this particular case: on reading through the code for the Bourne shell one finds that the timeout feature was in there at one point in time ( con- trolled by an environment variable) but has now been taken out. A closing side note to any other site out there that might be im- plementing timeouts in the shell. As I said above, our main con- cern was getting people off the system. When I made the changes to the two shells to have timeouts, I did it through control of an environment variable. To make sure that no clever users set there timeouts to four days or zero, I added a check to only al- low values between 1 and 15 minutes. Since I didn't want to clutter up the code that sets the variables what I did was check the value just before I wanted to use it and if it wasn't within the proper range, reset it to a default value. By the way, I also allowed 'root' to set the value to zero so that single user mode would not automatically time out after 15 minutes. -- Dave Brierley Raytheon Co.; Portsmouth RI; (401)-847-8000 x4073 ...!decvax!brunix!rayssd!dhb ...!allegra!rayssd!dhb ...!linus!rayssd!dhb