bpendlet@esunix.UUCP (Bob Pendleton) (07/01/87)
in article <1226@osiris.UUCP>, jdia@osiris.UUCP (Josh Diamond) says: >7) Make sure that all acounts autologout after a relatively short period > of idle time (perhaps send a warning message after 30 seconds idle time, > then autologout if still no key hit within 30 seconds). This would prevent > the "root forgot to log out and left an open terminal as superuser" problem. ^^^^^^^^^^^^^^^^^^^^^^ Roots are human too. That is why they should only be allowed to logon from ONE terminal. That terminal should be in a LOCKED room. > Autologout is a nice thing to have. But a 30 SECOND limit? 30 seconds isn't enough time to look over a screen of text looking for a typo. You can spend 30 seconds reading your coffee mug and staring at the wall trying to figure out an error message! I worked for a place once that had 5 minutes before warning and 5 minutes after that before autologout, 10 minutes total from last key pressed to assumed dead and logged out. Everyone had at least one program that could fake terminal input and thus defeat autologout. Any time you weren't actively typing, like when the boss walks in, or you need another cup of coffee, or ... it was standard to fire up one of these (we called them) diddlers and leave it running. One fellow left one running when he went on vacation. It was killed in a system crash but it kept him logged in for 3 or 4 days before that happended. Where I work now we have 25 minutes before warning and 5 minutes more before logout. Very few people even notice it, nobody really complains about it. Everyone knows how to defeat it, but few people bother. In other words it works. Autologout is a great idea, but be resonable about the limits you set. Unresonable limits will force people to find ways around them. -- Bob Pendleton @ Evans & Sutherland UUCP Address: {decvax,ucbvax,ihnp4,allegra}!decwrl!esunix!bpendlet Alternate: {ihnp4,seismo}!utah-cs!utah-gr!uplherc!esunix!bpendlet I am solely responsible for what I say.