dave@andromeda.UUCP (Dave Bloom) (08/08/85)
Does anyone out there in Netland have source to a program that will log users out automatically if their terminals have been idle for a specified amount of time and they have no processes running???? Sys V or 4.2bsd will do.... Thanx, Dave Bloom Rutgers University, Newark, NJ.
slerner@sesame.UUCP (Simcha-Yitzchak Lerner) (08/09/85)
> Does anyone out there in Netland have source to a program that will > log users out automatically if their terminals have been idle for a > specified amount of time and they have no processes running???? Sys V > or 4.2bsd will do.... > > Thanx, > > Dave Bloom > Rutgers University, Newark, NJ. I would suspect that a mod to the tty driver would be appro. (Fake out DTR/CD going inactive on timeout.) Due to the needed location, this is highly system dependent. -- Opinions expressed are public domain, and do not belong to Lotus Development Corp. ---------------------------------------------------------------- Simcha-Yitzchak Lerner {genrad|ihnp4|ima}!wjh12!talcott!sesame!slerner {cbosgd|harvard}!talcott!sesame!slerner slerner%sesame@harvard.ARPA
dhb@rayssd.UUCP (David H. Brierley) (08/13/85)
> I would suspect that a mod to the tty driver would be appro. (Fake out > DTR/CD going inactive on timeout.) Due to the needed location, this > is highly system dependent. Please dont change the tty driver to log out idle users!!!!!!! The simplest thing that can be done is to add an enforced timeout mechanism to the shells. Obviously this is only possible if you have a source license. The changes are fairly simple and have been done by several people that I know of (myself included). A somewhat harder thing to do is to be able to log off users that simply run some program (i.e. vi) and then walk away. To do this you have to write one of the much dreaded "idle logout daemon"s. Unless you are extremely clever this is best done by modifying the source to one of the system programs like "ps" or "w". You will note that nowhere did I mention changing the tty driver, in fact I never even suggested making any changes to the kernel at all. All of this code is either in the shell or in a normal user-mode process. I will admit that we made one change to the shell and the kernel to support the "idle logout daemon" that we developed here. We added a system call to set an unused bit in the process structure and made the shell use that routine before it placed a process into the background. This way the idle checker could easily ignore background processes without having to analyze the process table entry in great detail. It makes it much nicer because it makes the idle checker more efficient and more accurate. Well, enough rambling for now. I just wanted to illustrate some of the things that can be done to force idle users off the system. -- Dave Brierley Raytheon Co.; Portsmouth RI; (401)-847-8000 x4073 ...!decvax!brunix!rayssd!dhb ...!allegra!rayssd!dhb ...!linus!rayssd!dhb
csg@pyramid.UUCP (Carl S. Gutekunst) (08/14/85)
In article <6@andromeda.UUCP> dave@andromeda.UUCP (Dave Bloom) writes: >Does anyone out there in Netland have source to a program that will >log users out automatically if their terminals have been idle for a >specified amount of time and they have no processes running???? Sys V >or 4.2bsd will do.... Two methods to kill off idle terminals were posted within the past few months: a cron-driven shell script (idlekill) and a daemon (idledaemon). You can probably get them from your nearest source archive site; I can also E-mail them to you. I'll be porting them to the Pyramid (4.2bsd) in a few weeks; if they require significant changes I'll post the entire sources in net.sources (since they are both very small). Sorry about the cross posting; the original request was in net.sources. -- -m------- Carl S. Gutekunst, Software R&D, Pyramid Technology ---mmm----- P.O. Box 7295, Mountain View, CA 94039 415/965-7200 -----mmmmm--- UUCP: {allegra,decwrl,dual,Shasta,sun,topaz}!pyramid!csg -------mmmmmmm- ARPA: pyramid!csg@sri-unix.ARPA
jeq@laidbak.UUCP (Jonathan E. Quist) (08/14/85)
In article <958@rayssd.UUCP> dhb@rayssd.UUCP (David H. Brierley) writes: >> I would suspect that a mod to the tty driver would be appro. (Fake out >> DTR/CD going inactive on timeout.) Due to the needed location, this >> is highly system dependent. > >Please dont change the tty driver to log out idle users!!!!!!! >The simplest thing that can be done is to add an enforced timeout >mechanism to the shells. Obviously this is only possible if you >have a source license. The changes are fairly simple and have >been done by several people that I know of (myself included). Please don't change the shells! It's NOT worth it. A colleague of mine recently wrote a shell script (Yes, sh script!) that accomplishes the same thing. I don't have the exact details available just now, but basically, this script would get run about once an hour from cron, would check the users (using ps, w, or whatever other standard command you like), and if any were suspiciously inactive, write a message to the tty in question, sleep 10 minutes, and, if the user hadn't done anything new, signal the login shell with SIGHUP via kill. The beast would then sleep a few more minutes just to double check.... If I can get any more details, I will post them. I will likely NOT post the actual script, because a client recently paid $$ to have it done. Among the advantages: The code is transportable across various flavors of UNIX. (This particular script runs happily under 2.9BSD and 4.2BSD.) No modification to the system is required. (Think about it. When was the last time you installed an update distribution and discovered that various "customized" commands suddenly broke?) It is relatively easy to set up "immune" users. Agreed, this is of questionable value, but suppose you modified the shells or kernel and discovered that the mod didn't *quite* work. It would be no fun at all to discover that root had 17.3 seconds in which to un-install the mods each time he/she/it logged in. There are other reasons, but it's 2:00 am and they escape me just now. Jonathan E. Quist Lachman Associates, Inc. ...ihnp4!laidbak!jeq ``I deny this is a disclaimer.''
whp@cbnap.UUCP (W. H. Pollock x4575 3S235) (08/14/85)
... >>The simplest thing that can be done is to add an enforced timeout >>mechanism to the shells. Obviously this is only possible if you >>have a source license. The changes are fairly simple and have >>been done by several people that I know of (myself included). > >Please don't change the shells! >It's NOT worth it. > You must be using csh or some non standard shell, because the Bourne shell (and the Korn shell too) already have a timeout mechanism! I'm using a SVR2.0V1 unix (new AT&T UNIX naming convention: System V Release 2.0 Version 1), but I'm sure the changes were in previous releases of unix too. If you have the source for shell, look for a file "timeout.h" where you can set the default expiration time (or set to zero if you don't want any time out). Upon invocation, sh checks to see if the environment variable "TMOUT" is set; if so, this over-rides the default defined in timeout.h. On some shells I've used, the variable was called "TIMEOUT". Wayne Pollock, {ihnp4}!cbnap!whp
jrife@fthood (08/14/85)
>Does anyone out there in Netland have source to a program that will >log users out automatically if their terminals have been idle for a >specified amount of time and they have no processes running???? Sys V >or 4.2bsd will do.... >Thanx, >Dave Bloom >Rutgers University, Newark, NJ. See the posting by fthood!egray on "idledaemon.c". I'm sure that you could modify it for your requirements. ********************************* * Jeff Rife * * ihnp4!uiucuxc!fthood!jrife * * * * "...drinking impairs your * * ability to make decisions. * * * * I don't know. You may be * * right...I can't decide." * * * *********************************
rsk@pucc-k (Wombat) (08/15/85)
In article <38@cbnap.UUCP> whp@cbnap.UUCP (W. H. Pollock x4575 3S235) writes: > >You must be using csh or some non standard shell, because the Bourne shell >(and the Korn shell too) already have a timeout mechanism! I'm using a >SVR2.0V1 unix ... >but I'm sure the changes were in previous releases ... > >Upon invocation, sh checks to see if the environment variable "TMOUT" is set; >if so, this over-rides the default defined in timeout.h. On some shells >I've used, the variable was called "TIMEOUT". Besides the unwarranted backhand slap at what most folks consider to be the standard shell for Berkeley systems, you are also guilty of sloppy thinking. If you will re-read the previous discussion, you will note that the mechanisms provided by sh/ksh, which allow the user to override any previously specified timeout value, are grossly insufficient for the expressed purpose--enforced logout after a set idle period. -- Rich Kulawiec rsk@{pur-ee,purdue}.uucp, rsk@purdue-asc.csnet rsk@purdue-asc.arpa or rsk@asc.purdue.edu
peter@baylor.UUCP (Peter da Silva) (08/16/85)
> > I would suspect that a mod to the tty driver would be appro. (Fake out > > DTR/CD going inactive on timeout.) Due to the needed location, this > > is highly system dependent. > > Please dont change the tty driver to log out idle users!!!!!!! > The simplest thing that can be done is to add an enforced timeout > mechanism to the shells. Obviously this is only possible if you > have a source license. The changes are fairly simple and have Naw. Just replace "/bin/sh" or "/bin/csh" in /etc/passwd with a program that sets an alarm & execs the appropriate shell. Since neither shell to my knowledge catches signal 14 this will dump the shell at that time. I discovered this when trying to get around an enforced timout mechanism in the shell at Berkeley. -- Peter da Silva (the mad Australian werewolf) UUCP: ...!shell!neuro1!{hyd-ptd,baylor,datafac}!peter MCI: PDASILVA; CIS: 70216,1076
dillon@ucbvax.ARPA (Matt Dillon) (08/16/85)
>> Does anyone out there in Netland have source to a program that will >> log users out automatically if their terminals have been idle for a >> specified amount of time and they have no processes running???? Sys V >> or 4.2bsd will do.... >> > >I would suspect that a mod to the tty driver would be appro. (Fake out >DTR/CD going inactive on timeout.) Due to the needed location, this >is highly system dependent. > Well, I think a mod to the tty driver would be somewhat extravagant. I see two possibilities: 1) modify the CSH or SH (or whatever) by using the 4.2 ITIMER or ALARM routines to check activity every once in a while. 2) write a daemon to look over the system (just one daemon, running as root), and kill any CSH's or SH's that have no running processes and have been idle for a long time. I myself would prefer (1), mod'ing the CSH. One thing that was done here in Berkeley for CS50 classes was to modify the CSH the students used to kick them out after a certain amount of time on the computer, and to not allow them to log in out of their scheduled lab time. (2) seems undesireable, as it would take a lot of system time accessing the proc-table, etc... and not everybody wants their CSH killed. At Berkeley, it is common to see a prof' logged in from his office for 3 days straight, Idle. Also, for (1), you would want an awful long timeout, say, check every 3 hours or something, so an IDLE CSH doesn't take up system time. -Matt P.S. Sorry, don't have any already-written source for this.
kimery@wdl1.UUCP (Sam Kimery) (08/19/85)
> Agreed, this is of questionable value, but suppose > you modified the shells or kernel and discovered > that the mod didn't *quite* work. It would be no > fun at all to discover that root had 17.3 seconds > in which to un-install the mods each time he/she/it > logged in. > This is why you set up a test login and install either sh or csh (which ever you happen to be working on) someplace like /usr/local/testbin. After it has been proven to work you then move the OLD shell to something like csh.OLD and install the NEW shell. The site that I work for functions as a service center, thus our users ask for a selectable, adjustable idle timer. This was installed with a total investment of LESS than 10 lines of code, as most of the calls already exist. I realize that daemons seem to be the way that MOST things are handled in UN*X, but why complicate a rather easy task. (provided that you have source). Sam Kimery kimery@FORD-WDL1
jeq@laidbak.UUCP (Jonathan E. Quist) (08/24/85)
> The site that I work for functions as a service center, thus >our users ask for a selectable, adjustable idle timer. Once again, the original request was for enforced logouts, not a user selectable timeout. >This was >installed with a total investment of LESS than 10 lines of code, as most >of the calls already exist. I realize that daemons seem to be the way >that MOST things are handled in UN*X, but why complicate a rather easy >task. (provided that you have source). ^ ^ ^ I rest my case. A shell script (or c program, if you prefer) monitoring user activity can be installed on ANY system. Also, strictly speaking, a program that cron wakes up every hour or so is NOT a daemon. But who's counting.