Automatic Logout Process
Jonathan E. Quist
jeq at laidbak.UUCP
Wed Aug 14 16:44:36 AEST 1985
In article <958 at rayssd.UUCP> dhb at rayssd.UUCP (David H. Brierley) writes:
>> I would suspect that a mod to the tty driver would be appro. (Fake out
>> DTR/CD going inactive on timeout.) Due to the needed location, this
>> is highly system dependent.
>
>Please dont change the tty driver to log out idle users!!!!!!!
>The simplest thing that can be done is to add an enforced timeout
>mechanism to the shells. Obviously this is only possible if you
>have a source license. The changes are fairly simple and have
>been done by several people that I know of (myself included).
Please don't change the shells!
It's NOT worth it.
A colleague of mine recently wrote a shell script
(Yes, sh script!) that accomplishes the same thing.
I don't have the exact details available just now,
but basically, this script would get run about once an
hour from cron, would check the users (using
ps, w, or whatever other standard command you like),
and if any were suspiciously inactive, write a message
to the tty in question, sleep 10 minutes, and, if
the user hadn't done anything new, signal the login
shell with SIGHUP via kill. The beast would then
sleep a few more minutes just to double check....
If I can get any more details, I will post them.
I will likely NOT post the actual script, because
a client recently paid $$ to have it done.
Among the advantages:
The code is transportable across various flavors of UNIX.
(This particular script runs happily under 2.9BSD and 4.2BSD.)
No modification to the system is required.
(Think about it. When was the last time you installed
an update distribution and discovered that various "customized"
commands suddenly broke?)
It is relatively easy to set up "immune" users.
Agreed, this is of questionable value, but suppose
you modified the shells or kernel and discovered
that the mod didn't *quite* work. It would be no
fun at all to discover that root had 17.3 seconds
in which to un-install the mods each time he/she/it
logged in.
There are other reasons, but it's 2:00 am and they escape me
just now.
Jonathan E. Quist
Lachman Associates, Inc.
...ihnp4!laidbak!jeq
``I deny this is a disclaimer.''
More information about the Comp.sources.unix
mailing list