Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site laidbak.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxn!ihnp4!laidbak!jeq From: jeq@laidbak.UUCP (Jonathan E. Quist) Newsgroups: net.sources Subject: Re: Re: Automatic Logout Process Message-ID: <165@laidbak.UUCP> Date: Wed, 14-Aug-85 02:44:36 EDT Article-I.D.: laidbak.165 Posted: Wed Aug 14 02:44:36 1985 Date-Received: Sat, 17-Aug-85 15:34:30 EDT References: <6@andromeda.UUCP> <264@sesame.UUCP> <958@rayssd.UUCP> Reply-To: jeq@laidbak.UUCP (Jonathan E. Quist) Organization: LAI Chicago Lines: 55 Summary: In article <958@rayssd.UUCP> dhb@rayssd.UUCP (David H. Brierley) writes: >> I would suspect that a mod to the tty driver would be appro. (Fake out >> DTR/CD going inactive on timeout.) Due to the needed location, this >> is highly system dependent. > >Please dont change the tty driver to log out idle users!!!!!!! >The simplest thing that can be done is to add an enforced timeout >mechanism to the shells. Obviously this is only possible if you >have a source license. The changes are fairly simple and have >been done by several people that I know of (myself included). Please don't change the shells! It's NOT worth it. A colleague of mine recently wrote a shell script (Yes, sh script!) that accomplishes the same thing. I don't have the exact details available just now, but basically, this script would get run about once an hour from cron, would check the users (using ps, w, or whatever other standard command you like), and if any were suspiciously inactive, write a message to the tty in question, sleep 10 minutes, and, if the user hadn't done anything new, signal the login shell with SIGHUP via kill. The beast would then sleep a few more minutes just to double check.... If I can get any more details, I will post them. I will likely NOT post the actual script, because a client recently paid $$ to have it done. Among the advantages: The code is transportable across various flavors of UNIX. (This particular script runs happily under 2.9BSD and 4.2BSD.) No modification to the system is required. (Think about it. When was the last time you installed an update distribution and discovered that various "customized" commands suddenly broke?) It is relatively easy to set up "immune" users. Agreed, this is of questionable value, but suppose you modified the shells or kernel and discovered that the mod didn't *quite* work. It would be no fun at all to discover that root had 17.3 seconds in which to un-install the mods each time he/she/it logged in. There are other reasons, but it's 2:00 am and they escape me just now. Jonathan E. Quist Lachman Associates, Inc. ...ihnp4!laidbak!jeq ``I deny this is a disclaimer.''