root@conexch.UUCP (Larry Dighera) (01/02/88)
In article <3341@umn-cs.cs.umn.edu> choudhur@umn-cs.cs.umn.edu (Tahsin Choudhuri) writes: > >Ques: Is it possible to make the login shell to time-out, > (i.e. kill itself) if for 15 minutes lets say nothing > has been typed on the terminal. I am running C-shell > under ATT Sys-V. >=============================================================================== >Tahsin Choudhuri, Computer Science Dept. University of Minnesota, Mpls, MN 55455 Tahsin: There are several ways to do this. The simplest is to get a copy of the Korn Shell which supports an environment variable, TMOUT, which if set to a value greater than zero, will terminate the shell if a command is not entered within the prescribed number of seconds. You could set the value of this variable in /etc/profile and then set it to read-only status to prevent users from changing it. Here is a copy of a shell program that was published in Unix World magazine recently. It will log out idle users: # #LOGFILE=/usr/adm/autolog2 # logging file #MAXTIME=15 # allowed idle time #TZ=EST8EDT; export TZ # needed for date ## set -x # for debugging ## Examine all logged in accounts # #who| sed 's/:/ /'| #while read LINE #do # set $LINE # uid=$1 # tty=$2 # date="$3 $4 $5:$6" # ## Calculate time since last access # # ttytime=`ls -lu /dev/$tty |sed 's/:/ /'| # awk '{printf "%d", $9 * 60 + $10}'` # # We don't want to calculate curtime statically # # before entering this loop; it can get stale..... # # Calculate current time in minutes: # curtime=`date |sed 's/:/ /g' |awk '{printf "%d", $4 * 60 +$5} '` # # curtime checked AFTER ttytime to prevent negative idle # # due to gross clock granularity # # port logoff # case $2 in # tty14) # MAXTIME=6;; # tty22) # MAXTIME=6;; # *) ;; # esac # #if test "/dev/$tty" = /dev/tty14 # #then # #MAXTIME=600 # #else # #MAXTIME=15 # #fi # idle=`expr $curtime - $ttytime ` # # Try to handle midnight wraparounds properly # if [ $idle -lt 0 ]; then # idle=`expr 24 \* 60 - $ttytime + $curtime` # fi # if [ $idle -ge $MAXTIME ]; then # echo "" >> $LOGFILE # echo `date` $uid $tty WARNING >> $LOGFILE # echo "\n\007\007 # $uid, you have been idle longer than $MAXTIME minutes # you will be logged off # unless you press <RETURN> # \007\007 # ">/dev/$tty # # # Calculate the new terminal device access time # # after the warning message is sent to the terminal # before=`ls -lu /dev/$tty|sed 's/:/ /'| # awk '{printf "%d", $9 * 60 + $10}'` # sleep 30 # # Calculate the terminal device access time after 1 minute # # after=`ls -lu /dev/$tty |sed 's/:/ /' | # awk '{printf "%d", $9 * 60 + $10}'` # # If access time is the same, waste the turkey # if [ $before -eq $after ]; then # echo "`date` $uid ++ logged-off++">>$LOGFILE # echo "Logged off--excess idle time `date`"|mail $uid # # # Get abbreviated terminal number # case $tty in # console) stty='co';; # *) stty=`expr "$tty" : 'tty\(.*\)'`;; # esac # # Kill all processes created by that terminal # # in reverse numerical order # # ps -eax required on Pyramid; ps -e on others... # for i in `who -u| # awk "{if (\\$2 == \"$tty\") print \\$1}"|sort -nr` # do # kill $i # sleep 5 # kill -1 $i # done # fi # fi #done # But, the most comprehensive session monitoring program that I have run across is UNTAMO. It not only allows logging out idle terminals, but a System Administrator can also set session time limits based on username, group, port, and restrict a user from multiple logins. There is a version of untamo patched for Xenix in /usr/spool/uucppublic/untamo.tar.Z on conexch. Feel free to uucp it to your site if you like. Best Regards, Larry Dighera -- USPS: The Consultants' Exchange, PO Box 12100, Santa Ana, CA 92712 TELE: (714) 842-6348: BBS (N81); (714) 842-5851: Xenix guest account (E71) UUCP: conexch Any ACU 2400 17148425851 ogin:-""-ogin:-""-ogin: nuucp UUCP: ...!ucbvax!ucivax!mickey!conexch!root || ...!trwrb!ucla-an!conexch!root
dhawk@well.UUCP (David Hawkins) (01/03/88)
In the referenced article, root@conexch.UUCP (Larry Dighera) wrote: >But, the most comprehensive session monitoring program that I >have run across is UNTAMO. It not only allows logging out idle >terminals, but a System Administrator can also set session time >limits based on username, group, port, and restrict a user from >multiple logins. There is a version of untamo patched for Xenix >in /usr/spool/uucppublic/untamo.tar.Z on conexch. Feel free to >uucp it to your site if you like. > Has anyone been able to get UNTAMO to run under 4.3 BSD? I can get it to compile and start up and create its log file, but it doesn't log anyone out. You can safely assume I'm a dummy, but be as explicit as possible. Any help would be appreciated. I do have my original shar file and can restart from scratch on it. All I want to do is log out anyone who's been idle more than 15 min.--I don't care about session limits or multiple logins. I've got UNTAMO3, is there a more recent version? Thanks for any help. Email is fine. -- David Hawkins {ptsfa,hplabs,ucbvax}!well!dhawk It is a luxury to be understood. - Ralph Waldo Emerson -
lvc@tut.cis.ohio-state.edu (Lawrence V. Cipriani) (01/04/88)
previous quotation deleted > > There are several ways to do this. The simplest is to get a copy of the > Korn Shell which supports an environment variable, TMOUT, which if set to > a value greater than zero, will terminate the shell if a command > is not entered within the prescribed number of seconds. You > could set the value of this variable in /etc/profile and then set > it to read-only status to prevent users from changing it. The TMOUT variable only works at PS1. If ksh waits at any other read it will wait forever. For example just type a \ at PS1, ksh prints PS2 and will wait forever. Setting it to read only isn't much help either since a user can type the command: ksh and set TMOUT for that subshell to whatever value he or she desires. Also you can just type in a command like cat or dc without any arguments and sit all day. This is why you have to resort to programs to kill off users. > Here is a copy of a shell program that was published in Unix > World magazine recently. It will log out idle users: Thanks for the program! -- Larry Cipriani AT&T Network Systems at cbosgd!osu-cis!tut!lvc Ohio State University
bill@trotter.usma.edu (Bill Gunshannon) (01/07/88)
All these cute little scripts/programs to kill off idle users are cute
but they are also futile. It doesn't take much imagination to come up
with a program to put a clock on the screen or just write any meaningless
little message out to the screen every few minutes in order to beat it.
Unless there is a shortage of ttys or better system than the ones I've
seen so far I wouldn't bother as the overhead of all these little time
wasters may be worse than the idle terminals.
Can't you just see a digital clock program redrawing the whole screen
every second. :-)
bill gunshannon
UUCP: {philabs}\ US SNAIL: Martin Marietta Data Systems
{phri } >!trotter.usma.edu!bill USMA, Bldg 600, Room 26
{sunybcs}/ West Point, NY 10996
RADIO: KB3YV PHONE: WORK (914)446-7747
AX.25: KB3YV @ K3RLI PHONE: HOME (914)565-5256anne@hall.cray.com (Anne Chenette) (01/14/88)
In article <1152@trotter.usma.edu>, bill@trotter.usma.edu (Bill Gunshannon) writes: > > All these cute little scripts/programs to kill off idle users are cute > but they are also futile. It doesn't take much imagination to come up > with a program to put a clock on the screen or just write any meaningless > little message out to the screen every few minutes in order to beat it. > > Unless there is a shortage of ttys ... I wouldn't bother ... > Well, I have a bunch of "unimaginative" users who forget to log off, and I also have a severe shortage of tty's (we're using a Sun 3/280 with a 16-port mux as if it were a VAX 11/780...). I'm not so worried about overhead as I am about increasing access to the machine. I'm very interested in getting a login shell to time-out (after 1/2 to 1 hour). Anne Chenette ...!ihnp4!cray!anne