On Tue 16 Oct 2018 at 12:24:49 (-0400), Gene Heskett wrote:
> On Tuesday 16 October 2018 11:37:44 Greg Wooledge wrote:
>
> > On Tue, Oct 16, 2018 at 11:28:44AM -0400, Gene Heskett wrote:
> > > Since leaving a sudo -i laying about is considered a security
> > > breach, I'm amazed that the -i option doesn't accept a timeout. Say
> > > in seconds, as if you think it will take 5 minutes to do the job as
> > > root, sudo -i300, at the end of which it expires.
> >
> > You could set the TMOUT variable in the resulting shell, either
> > manually or by a setting in some rc file (e.g. /root/.bashrc if that's
> > what the shell reads).
>
> Okayyy, TMOUT=30, and 30 seconds later it does time out, returning me to
> my user prompt.
>
> And I ran synaptic and it didn't time out till 30 secs after I had quit
> synaptic which leaves an exploitable hole. Synaptic took way more than
> the 30 I set TMOUT to. Ideally it should have returned to the user's
> prompt at the synaptic exit, or would that leave trash behind?
>
> Anyway, many thanks for the schooling, Greg. Even after 20 years, I
> hadn't heard of that before.

Hm, to be honest, TMOUT seems like a historical relic of a bygone era
when using an idle login shell implied that you were hogging a slot
that others were waiting to access. (And when the shell exited, we
neighbouring users would have to endure the motor noise of their
A/KSR 33 until *its* timeout expired.)

If you want a suicidal command that logs you out as soon as you quit,
you could wrap it up as a bash function and put it into root's .bashrc;
something like for example

    function aptitude-pop {
        aptitude
        exit
    }

Cheers,
David.
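
Added example, not part of David's message: a generalisation of the function above that wraps any command and leaves the root shell with that command's exit status, keeping a read-only TMOUT as the idle fallback. The names run_and_exit and aptitude_pop and the 300-second value are assumptions.

```bash
# Added example for root's ~/.bashrc (names and the 300 s value are assumptions).

# Fallback for a root shell left open: bash logs out an interactive shell
# that waits TMOUT seconds at the prompt without input. The timer only runs
# while the shell is waiting at the prompt, not while a foreground command
# (synaptic, aptitude) is running, which is why a long session is not cut
# short and the shell lingers for TMOUT seconds after the command quits.
TMOUT=300
readonly TMOUT    # a later "TMOUT=0" or "unset TMOUT" in this shell now fails

# Run one command, then leave the root shell immediately with the command's
# exit status, so no idle root prompt is left behind at all.
run_and_exit() {
    if [ "$#" -eq 0 ]; then
        echo "usage: run_and_exit command [args...]" >&2
        return 2    # nothing was run, so keep the shell open
    fi
    "$@"
    exit "$?"
}

# Equivalent of the aptitude-pop function from the message above.
aptitude_pop() {
    run_and_exit aptitude "$@"
}
```

Typed as `run_and_exit synaptic` inside the `sudo -i` shell, this returns to the user's prompt as soon as synaptic quits.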