Question & Answer
Question
How can I set environment variables for users so they cannot change them?
Answer
If you need to set environment variables for the Korn shell so users cannot change them, set them in the system-wide /etc/profile using the ksh "readonly" command.
The users do not have permission to change /etc/profile, and setting the variables as "readonly" will prevent them from being changed once the user logs in.
$ ls -l /etc/profile
-r-xr-xr-x 1 bin bin 1920 May 05 09:47 /etc/profile
So the /etc/profile configuration file is restricted to read and execute only. This file is used to execute commands when the user logs in.
Let's look at the last two lines of this file:
$ tail /etc/profile
readonly FISH=trout
export FISH
The "export" command will pass this variable on to any subshells or other commands. When a user logs in to the system they will see this variable set in their environment, either with the "env" or "set" commands.
$ env | grep FISH
FISH=trout
If they attempt to change it they will not be able to:
$ FISH=salmon
ksh: FISH: This variable is read only.
The user will not be able to clear it either:
$ unset FISH
ksh: FISH: This variable is read only.
[{"Product":{"code":"SWG10","label":"AIX"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
Was this topic helpful?
Document Information
More support for:
AIX
Software version:
Version Independent
Operating system(s):
AIX
Document number:
631089
Modified date:
17 June 2018
UID
isg3T1025180
Manage My Notification Subscriptions