Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Logging out idle users after a certain timeframe
Operating Systems Solaris Logging out idle users after a certain timeframe Post 302426613 by goose25 on Wednesday 2nd of June 2010 12:26:48 PM
Old 06-02-2010
Quote:
Originally Posted by curleb
Well, the nuclear option that you're suggesting for yourself would be for a root or superuser to kill any jobs associated with non-Admin and higher GIDs...every 3 hours. For this to work, you'd need to identify the PIDs associated with these GIDs and work backwards from there. Gritty...and dangerous.

For example, what if little Cindy Lou Who signs on and is working on a time-critical item...only to be killed based on your cron job? The loss in her time alone might be sufficient to raise alarms, if it doesn't corrupt data as a result as well. Tack on the likelihood that it happens after-hours, after she's just signed in at 1135pm, on New Year's Eve while she's been ordered to do so from the corner office...and it spirals from there.

TMOUT, on the other hand, will serve to neutralize lingering sessions where the User has been idle (ie, not actually working) for a specified amount of time. Their own passivity serves the purpose to allow the system to sign them off; sort of like banking websites. It's a rolling window that resets according to their login time and their activity. Imagine if banks took the aggressive approach and nixed your session while you were still setting up a transfer to your offshore account? (All those fractions of cents add up, you know...)

I'd strongly suggest that you at least apply the TMOUT option first and see if would suit the audit requirement. Something that works, as opposed to a whiz-bang script written from the ground up, might just suit the requirement perfectly...with zero effort.
Given your argument and other considerations I'll go ahead and try the bash option first and if that doesn't work then I'll try something else.

---------- Post updated at 10:26 AM ---------- Previous update was at 08:26 AM ----------

Setting the TMOUT varialbe works but does not really accomplish what i want to accomplish. It closes the active terminal windows but does not accomplish a logout of the user. Is there no way to logoutout the user after a certain timeframe?
 

10 More Discussions You Might Find Interesting

1. HP-UX

Is there a script available to kill Idle users

My max user parm is set to 1050. I'm currently at 1038 this is causing major slow downs on the server. I looking for a way log off "idle" user logins with out having to do it individually. :confused: (5 Replies)
Discussion started by: rfmurphy_6
5 Replies

2. AIX

Log off idle users

How to set a timer for log out users that have been idle for a long time? It is a AIX 5L (0 Replies)
Discussion started by: wtofu
0 Replies

3. Shell Programming and Scripting

finding idle users

I am trying to write a script that will list the idle users on my system which is running HPUX 11.11. The script is currently written as : who -u > /home/rfm/scripts/user.txt echo " There are currently... " wc -l /home/rfm/scripts/user.txt echo " User logins on System : `uname -n` ... (3 Replies)
Discussion started by: rfmurphy_6
3 Replies

4. Shell Programming and Scripting

script for killing idle users

I need a script that will look for idle users and kill there proc. (7 Replies)
Discussion started by: jdel80
7 Replies

5. Shell Programming and Scripting

Idle users over 1 day

Please help, im modifing an idle script to capture (not kill) users who havee been idle over a time. now i've got to work with the exection of users whos idle time gove over 24 hrs and becomes "old". please advice on how to correct... #Clear old report, generate new data and new report echo "\n... (1 Reply)
Discussion started by: pbonilla
1 Replies

6. Shell Programming and Scripting

i need a scipt to email users with idle processes!?

hello, i am VERY new to this whole script world. I need to come up with a script that will email a user if they have an idle process past 500 minutes...any suggestions??? Thanks so much. (0 Replies)
Discussion started by: sheppy28
0 Replies

7. UNIX for Advanced & Expert Users

HP-UX users get logged off while idle.

Im "supporting" at least 2500 HP-UX workstations with CAD-related software with the B.11.11 build. I cant say anymore than that because of my companys sligtly paranoid security policy . The last few days a new problem has arised from nowhere. The problem is that users gets logged off when the... (5 Replies)
Discussion started by: Laoinjo
5 Replies

8. Shell Programming and Scripting

Killing idle users TIA

I wrote a script to kill users idle more than 1/2 hour, ignoring those in an exception list. Here is the script as it is now: #! /usr/bin/awk -f BEGIN { system("who -u | sort +5 > /tmp/loginfile"); system("echo User Sessions Killed > /tmp/killedlogins"); ... (2 Replies)
Discussion started by: PapaBear
2 Replies

9. HP-UX

kill idle users

Hi, In my network we uses the NetTerm program to connect us to HP-UX 10.x server from windows workstations, but in some cases the user doesn't logout and close it by window's x button. The problem is that in HP-UX the user and all his tasks remain active and when he enter again HP-UX creates a... (12 Replies)
Discussion started by: efrenba
12 Replies

10. AIX

Telnet sessions stay as idle users

Hi The telnet sessions stay as idle users. It is not getting kicked out. Please advise what could be the issue. only when we reboot the server these telnet sessions goes. Below is the current output from the server. we rebooted the server three days ago: pmut6:/> uptime 04:21PM... (8 Replies)
Discussion started by: newtoaixos
8 Replies

LEARN ABOUT PLAN9

uustat

uustat(1)						      General Commands Manual							 uustat(1)

NAME

       uustat - UUCP status inquiry and control

SYNOPSIS

       uustat -a

       uustat --all

       uustat  [ -eKRiMNQ ] [ -sS system ] [ -uU user ] [ -cC command ] [ -oy hours ] [ -B lines ] [ --executions ] [ --kill-all ] [ --rejuvenate-
       all ] [ --prompt ] [ --mail ] [ --notify ] [ --no-list ] [ --system system ] [ --not-system system ] [ --user user ] [ --not-user user ]  [
       --command command ] [ --not-command command ] [ --older-than hours ] [ --younger-than hours ] [ --mail-lines lines ]

       uustat [ -kr jobid ] [ --kill jobid ] [ --rejuvenate jobid ]

       uustat -q [ -sS system ] [ -oy hours ] [ --system system ] [ --not-system system ] [ --older-than hours ] [ --younger-than hours ]

       uustat --list [ -sS system ] [ -oy hours ] [ --system system ] [ --not-system system ] [ --older-than hours ] [ --younger-than hours ]

       uustat -m

       uustat --status

       uustat -p

       uustat --ps

DESCRIPTION

       The  uustat  command  can  display  various types of status information about the UUCP system.  It can also be used to cancel or rejuvenate
       requests made by uucp (1) or uux (1).

       By default uustat displays all jobs queued up for the invoking user, as if given the --user option with the appropriate argument.

       If any of the -a, --all, -e, --executions, -s, --system, -S, --not-system, -u, --user, -U, --not-user, -c,  --command,  -C,  --not-command,
       -o, --older-than, -y, --younger-than options are given, then all jobs which match the combined specifications are displayed.

       The -K or --kill-all option may be used to kill off a selected group of jobs, such as all jobs more than 7 days old.

OPTIONS

       The following options may be given to uustat.

       -a, --all
	    List all queued file transfer requests.

       -e, --executions
	    List queued execution requests rather than queued file transfer requests.  Queued execution requests are processed by uuxqt (8) rather
	    than uucico (8).  Queued execution requests may be waiting for some file to be transferred from a remote system.  They are created	by
	    an invocation of uux (1).

       -s system, --system system
	    List  all jobs queued up for the named system.  These options may be specified multiple times, in which case all jobs for all the sys-
	    tems will be listed.  If used with --list only the systems named will be listed.

       -S system, --not-system system
	    List all jobs queued for systems other than the one named.	These options may be specified multiple times, in which case no jobs  from
	    any of the specified systems will be listed.  If used with --list only the systems not named will be listed.  These options may not be
	    used with -s or --system.

       -u user, --user user
	    List all jobs queued up for the named user.  These options may be specified multiple times, in which case all jobs for all	the  users
	    will be listed.

       -U user, --not-user user
	    List all jobs queued up for users other than the one named.  These options may be specified multiple times, in which case no jobs from
	    any of the specified users will be listed.	These options may not be used with -u or --user.

       -c command, --command command
	    List all jobs requesting the execution of the named command.  If command is ALL this will list all jobs requesting	the  execution	of
	    some command (as opposed to simply requesting a file transfer).  These options may be specified multiple times, in which case all jobs
	    requesting any of the commands will be listed.

       -C command, --not-command command
	    List all jobs requesting execution of some command other than the named command, or, if command is ALL,  list  all	jobs  that  simply
	    request  a	file transfer (as opposed to requesting the execution of some command).  These options may be specified multiple times, in
	    which case no job requesting one of the specified commands will be listed.	These options may not be used with -c or --command.

       -o hours, --older-than hours
	    List all queued jobs older than the given number of hours.	If used with --list only systems whose oldest job is older than the  given
	    number of hours will be listed.

       -y hours, --younger-than hours
	    List  all  queued  jobs younger than the given number of hours.  If used with --list only systems whose oldest job is younger than the
	    given number of hours will be listed.

       -k jobid, --kill jobid
	    Kill the named job.  The job id is shown by the default output format, as well as by the -j or --jobid option to uucp (1) or uux  (1).
	    A job may only be killed by the user who created the job, or by the UUCP administrator or the superuser.  The -k or --kill options may
	    be used multiple times on the command line to kill several jobs.

       -r jobid, --rejuvenate jobid
	    Rejuvenate the named job.  This will mark it as having been invoked at the current time, affecting the output of the -o, --older-than,
	    -y,  or --younger-than options and preserving it from any automated cleanup daemon.  The job id is shown by the default output format,
	    as well as by the -j or --jobid options to uucp (1) or uux (1).  A job may only be rejuvenated by the user who created the job, or	by
	    the  UUCP administrator or the superuser.  The -r or --rejuvenate options may be used multiple times on the command line to rejuvenate
	    several jobs.

       -q, --list
	    Display the status of commands, executions and conversations for all remote systems for which commands or executions are queued.   The
	    -s, --system, -S, --not-system, -o, --older-than, -y, and --younger-than options may be used to restrict the systems which are listed.
	    Systems for which no commands or executions are queued will never be listed.

       -m, --status
	    Display the status of conversations for all remote systems.

       -p, --ps
	    Display the status of all processes holding UUCP locks on systems or ports.

       -i, --prompt
	    For each listed job, prompt whether to kill the job or not.  If the first character of the input line is  y  or  Y	the  job  will	be
	    killed.

       -K, --kill-all
	    Automatically  kill  each  listed  job.  This can be useful for automatic cleanup scripts, in conjunction with the --mail and --notify
	    options.

       -R, --rejuvenate-all
	    Automatically rejuvenate each listed job.  This may not be used with --kill-all.

       -M, --mail
	    For each listed job, send mail to the UUCP administrator.  If the job is killed (due to --kill-all or  --prompt  with  an  affirmative
	    response)  the mail will indicate that.  A comment specified by the --comment option may be included.  If the job is an execution, the
	    initial portion of its standard input will be included in the mail message; the number of lines to include may be set with the --mail-
	    lines  option  (the  default  is  100).   If the standard input contains null characters, it is assumed to be a binary file and is not
	    included.

       -N, --notify
	    For each listed job, send mail to the user who requested the job.  The mail is identical to that sent by the -M or --mail options.

       -W comment, --comment comment
	    Specify a comment to be included in mail sent with the -M, --mail, -N, or --notify options.

       -B lines, --mail-lines lines
	    When the -M, --mail, -N, or --notify options are used to send mail about an execution with standard input, this  option  controls  the
	    number of lines of standard input to include in the message.  The default is 100.

       -Q, --no-list
	    Do	not  actually  list  the  job, but only take any actions indicated by the -i, --prompt, -K, --kill-all, -M, --mail, -N or --notify
	    options.

       -x type, --debug type
	    Turn on particular debugging types.  The following types are recognized: abnormal, chat, handshake, uucp-proto, proto,  port,  config,
	    spooldir, execute, incoming, outgoing.  Only abnormal, config, spooldir and execute are meaningful for uustat.

	    Multiple types may be given, separated by commas, and the --debug option may appear multiple times.  A number may also be given, which
	    will turn on that many types from the foregoing list; for example, --debug 2 is equivalent to --debug abnormal,chat.

       -I file, --config file
	    Set configuration file to use.  This option may not be available, depending upon how uustat was compiled.

       -v, --version
	    Report version information and exit.

       --help
	    Print a help message and exit.

EXAMPLES

       uustat --all
       Display status of all jobs.  A sample output line is as follows:
	    bugsA027h bugs ian 04-01 13:50 Executing rmail ian@airs.com (sending 1283 bytes)
       The format is
	    jobid system user queue-date command (size)
       The jobid may be passed to the --kill or --rejuvenate options.  The size indicates how much data is to be transferred to the remote system,
       and  is	absent	for  a	file receive request.  The --system, --not-system, --user, --not-user, --command, --not-command, --older-than, and
       --younger-than options may be used to control which jobs are listed.

       uustat --executions
       Display status of queued up execution requests.	A sample output line is as follows:
	    bugs bugs!ian 05-20 12:51 rmail ian
       The format is
	    system requestor queue-date command
       The --system, --not-system, --user, --not-user, --command, --not-command, --older-than, and --younger-than options may be used  to  control
       which requests are listed.

       uustat --list
       Display status for all systems with queued up commands.	A sample output line is as follows:
	    bugs	    4C (1 hour)   0X (0 secs) 04-01 14:45 Dial failed
       This  indicates the system, the number of queued commands, the age of the oldest queued command, the number of queued local executions, the
       age of the oldest queued execution, the date of the last conversation, and the status of that conversation.

       uustat --status
       Display conversation status for all remote systems.  A sample output line is as follows:
	    bugs	   04-01 15:51 Conversation complete
       This indicates the system, the date of the last conversation, and the status of that conversation.  If the last conversation failed, uustat
       will  indicate how many attempts have been made to call the system.  If the retry period is currently preventing calls to that system, uus-
       tat also displays the time when the next call will be permitted.

       uustat --ps
       Display the status of all processes holding UUCP locks.	The output format is system dependent, as uustat simply invokes  ps  (1)  on  each
       process holding a lock.

	    uustat --command rmail --older-than 168 --kill-all --no-list --mail --notify --comment "Queued for over 1 week"
       This  will  kill all rmail commands that have been queued up waiting for delivery for over 1 week (168 hours).  For each such command, mail
       will be sent both to the UUCP administrator and to the user who requested the rmail execution.  The mail  message  sent	will  include  the
       string  given by the --comment option.  The --no-list option prevents any of the jobs from being listed on the terminal, so any output from
       the program will be error messages.

SEE ALSO

       ps(1), rmail(1), uucp(1), uux(1), uucico(8), uuxqt(8)

AUTHOR

       Ian Lance Taylor (ian@airs.com)

								 Taylor UUCP 1.07							 uustat(1)
All times are GMT -4. The time now is 07:49 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy