Thread: killed users shell, but finger says they're still logged in
View Single Post

   
  #8 (permalink)  
Old 01-05-2008, 10:52 AM
j3
 
Posts: n/a
Default Re: killed users shell, but finger says they're still logged in
base60 wrote:
> Randy Styka wrote:
> > dalestubblefield@gmail.com wrote:
> >> I cannot figure out where I can set to have the user logged out after a
> >> certain period of idle time... It's not in SMIT?
> >>
> > As others have mentioned, many shells have a builtin way
> > to log off idle users; often an environment variable called
> > TMOUT. An issue is that this will only log off idle users
> > who are at a shell prompt, not users in your applications.
One option is "TMOUT=3600" included in /etc/environments which would
cause automatic termination of a ksh if sitting idly at a command
prompt for an hour (3600s). The equivalent variable is TIMEOUT
(measured in minutes) for a Bourne sh.
>
> This, is a very bad idea and one which will invariably piss
> someone off a lot... and they'll have a legitimate gripe.
>
Probably will annoy some but whether that's "legitimate" depends on the
company's computer security policy, not on your personal opinion.
> >
> > To do this, you need some extra program to run and log them
> > off. There are some available on the internet but we ran into
> > problems in how they decided if a user was idle.
>
> Precisely.
>
> > Commands like
> > "who -u" or "w" base idle time on when the keyboard was last
> > used. So if a user is running a long, cpu bound job with no
> > keyboard interaction, the programs that use the output of commands
> > like "finger" or "who" will think the user is idle and log the
> > user off.
> >
> > Our company wrote (and sells ;-) a product called LOGMON that
> > monitors the cpu usage for each user, and their child processes.
> > Then we can be sure the user really is idle before logging them
> > off.
<snip>
> > You can vary the inactivity time by user, time of day, etc.
> > And you can control how the user is actually logged off. If
> > this is of interest, send an email to logmon@computronics.com
> > for details or visit http://www.logmon.com. Thanks!
>
> By the way, this was an Ad and you're really not supposed to
> post them... even under the guise of being helpful.
>
> On the possibility that you did mean well, I didn't report it
> to earthlink's abuse dept... who probably wouldn't do much about
> it, anyway LOL :-)
Personally, I reckon that Randy's post was helpful and gave Dale extra
options to solve his problem, unlike your post, though at least your
previous one was helpful.

I've had to implement the same sort of thing myself in the past. From
memory I has a script running in the background which looked at
'inactive' user sessions (via "who -u"), noting the terminal of those
which may be inactive. It then checked the time clocked by all
processes belonging to each of those terminals (using "ps -ft
terminal_name") and compared that total with what it had stored
previously. It sent the inactive, non-processing sessions a warning
that they would be automatically logged out in 1 minute, after which it
logged them out if they were still inactive. One user complained about
it and I adjusted it to suit his situation.

Best wishes,
Jeffrey.

Reply With Quote