Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Logging out idle users after a certain timeframe
Operating Systems Solaris Logging out idle users after a certain timeframe Post 302426613 by goose25 on Wednesday 2nd of June 2010 12:26:48 PM
Old 06-02-2010
Quote:
Originally Posted by curleb
Well, the nuclear option that you're suggesting for yourself would be for a root or superuser to kill any jobs associated with non-Admin and higher GIDs...every 3 hours. For this to work, you'd need to identify the PIDs associated with these GIDs and work backwards from there. Gritty...and dangerous.

For example, what if little Cindy Lou Who signs on and is working on a time-critical item...only to be killed based on your cron job? The loss in her time alone might be sufficient to raise alarms, if it doesn't corrupt data as a result as well. Tack on the likelihood that it happens after-hours, after she's just signed in at 1135pm, on New Year's Eve while she's been ordered to do so from the corner office...and it spirals from there.

TMOUT, on the other hand, will serve to neutralize lingering sessions where the User has been idle (ie, not actually working) for a specified amount of time. Their own passivity serves the purpose to allow the system to sign them off; sort of like banking websites. It's a rolling window that resets according to their login time and their activity. Imagine if banks took the aggressive approach and nixed your session while you were still setting up a transfer to your offshore account? (All those fractions of cents add up, you know...)

I'd strongly suggest that you at least apply the TMOUT option first and see if would suit the audit requirement. Something that works, as opposed to a whiz-bang script written from the ground up, might just suit the requirement perfectly...with zero effort.
Given your argument and other considerations I'll go ahead and try the bash option first and if that doesn't work then I'll try something else.

---------- Post updated at 10:26 AM ---------- Previous update was at 08:26 AM ----------

Setting the TMOUT varialbe works but does not really accomplish what i want to accomplish. It closes the active terminal windows but does not accomplish a logout of the user. Is there no way to logoutout the user after a certain timeframe?
 

10 More Discussions You Might Find Interesting

1. HP-UX

Is there a script available to kill Idle users

My max user parm is set to 1050. I'm currently at 1038 this is causing major slow downs on the server. I looking for a way log off "idle" user logins with out having to do it individually. :confused: (5 Replies)
Discussion started by: rfmurphy_6
5 Replies

2. AIX

Log off idle users

How to set a timer for log out users that have been idle for a long time? It is a AIX 5L (0 Replies)
Discussion started by: wtofu
0 Replies

3. Shell Programming and Scripting

finding idle users

I am trying to write a script that will list the idle users on my system which is running HPUX 11.11. The script is currently written as : who -u > /home/rfm/scripts/user.txt echo " There are currently... " wc -l /home/rfm/scripts/user.txt echo " User logins on System : `uname -n` ... (3 Replies)
Discussion started by: rfmurphy_6
3 Replies

4. Shell Programming and Scripting

script for killing idle users

I need a script that will look for idle users and kill there proc. (7 Replies)
Discussion started by: jdel80
7 Replies

5. Shell Programming and Scripting

Idle users over 1 day

Please help, im modifing an idle script to capture (not kill) users who havee been idle over a time. now i've got to work with the exection of users whos idle time gove over 24 hrs and becomes "old". please advice on how to correct... #Clear old report, generate new data and new report echo "\n... (1 Reply)
Discussion started by: pbonilla
1 Replies

6. Shell Programming and Scripting

i need a scipt to email users with idle processes!?

hello, i am VERY new to this whole script world. I need to come up with a script that will email a user if they have an idle process past 500 minutes...any suggestions??? Thanks so much. (0 Replies)
Discussion started by: sheppy28
0 Replies

7. UNIX for Advanced & Expert Users

HP-UX users get logged off while idle.

Im "supporting" at least 2500 HP-UX workstations with CAD-related software with the B.11.11 build. I cant say anymore than that because of my companys sligtly paranoid security policy . The last few days a new problem has arised from nowhere. The problem is that users gets logged off when the... (5 Replies)
Discussion started by: Laoinjo
5 Replies

8. Shell Programming and Scripting

Killing idle users TIA

I wrote a script to kill users idle more than 1/2 hour, ignoring those in an exception list. Here is the script as it is now: #! /usr/bin/awk -f BEGIN { system("who -u | sort +5 > /tmp/loginfile"); system("echo User Sessions Killed > /tmp/killedlogins"); ... (2 Replies)
Discussion started by: PapaBear
2 Replies

9. HP-UX

kill idle users

Hi, In my network we uses the NetTerm program to connect us to HP-UX 10.x server from windows workstations, but in some cases the user doesn't logout and close it by window's x button. The problem is that in HP-UX the user and all his tasks remain active and when he enter again HP-UX creates a... (12 Replies)
Discussion started by: efrenba
12 Replies

10. AIX

Telnet sessions stay as idle users

Hi The telnet sessions stay as idle users. It is not getting kicked out. Please advise what could be the issue. only when we reboot the server these telnet sessions goes. Below is the current output from the server. we rebooted the server three days ago: pmut6:/> uptime 04:21PM... (8 Replies)
Discussion started by: newtoaixos
8 Replies

LEARN ABOUT OSX

finger

FINGER(1)						    BSD General Commands Manual 						 FINGER(1)

NAME

     finger -- user information lookup program

SYNOPSIS

     finger [-46gklmpsho] [user ...] [user@host ...]

DESCRIPTION

     The finger utility displays information about the system users.

     Options are:

     -4      Forces finger to use IPv4 addresses only.

     -6      Forces finger to use IPv6 addresses only.

     -g      This option restricts the gecos output to only the users' real name.  It also has the side-effect of restricting the output of the
	     remote host when used in conjunction with the -h option.

     -h      When used in conjunction with the -s option, the name of the remote host is displayed instead of the office location and office
	     phone.

     -k      Disable all use of utmpx(5).

     -l      Produce a multi-line format displaying all of the information described for the -s option as well as the user's home directory, home
	     phone number, login shell, mail status, and the contents of the files .forward, .plan, .project and .pubkey from the user's home
	     directory.

	     If idle time is at least a minute and less than a day, it is presented in the form ``hh:mm''.  Idle times greater than a day are pre-
	     sented as ``d day[s]hh:mm''.

	     Phone numbers specified as eleven digits are printed as ``+N-NNN-NNN-NNNN''.  Numbers specified as ten or seven digits are printed as
	     the appropriate subset of that string.  Numbers specified as five digits are printed as ``xN-NNNN''.  Numbers specified as four dig-
	     its are printed as ``xNNNN''.

	     If write permission is denied to the device, the phrase ``(messages off)'' is appended to the line containing the device name.  One
	     entry per user is displayed with the -l option; if a user is logged on multiple times, terminal information is repeated once per
	     login.

	     Mail status is shown as ``No Mail.'' if there is no mail at all, ``Mail last read DDD MMM ## HH:MM YYYY (TZ)'' if the person has
	     looked at their mailbox since new mail arriving, or ``New mail received ...'', ``Unread since ...'' if they have new mail.

     -m      Prevent matching of user names.  User is usually a login name; however, matching will also be done on the users' real names, unless
	     the -m option is supplied.  All name matching performed by finger is case insensitive.

     -o      When used in conjunction with the -s option, the office location and office phone information is displayed instead of the name of the
	     remote host.

     -p      Prevent the -l option of finger from displaying the contents of the .forward, .plan, .project and .pubkey files.

     -s      Display the user's login name, real name, terminal name and write status (as a ``*'' before the terminal name if write permission is
	     denied), idle time, login time, and either office location and office phone number, or the remote host.  If -o is given, the office
	     location and office phone number is printed (the default).  If -h is given, the remote host is printed instead.

	     Idle time is in minutes if it is a single integer, hours and minutes if a ``:'' is present, or days if a ``d'' is present.  If it is
	     an ``*'', the login time indicates the time of last login.  Login time is displayed as the day name if less than 6 days, else month,
	     day; hours and minutes, unless more than six months ago, in which case the year is displayed rather than the hours and minutes.

	     Unknown devices as well as nonexistent idle and login times are displayed as single asterisks.

     If no options are specified, finger defaults to the -l style output if operands are provided, otherwise to the -s style.  Note that some
     fields may be missing, in either format, if information is not available for them.

     If no arguments are specified, finger will print an entry for each user currently logged into the system.

     The finger utility may be used to look up users on a remote machine.  The format is to specify a user as ``user@host'', or ``@host'', where
     the default output format for the former is the -l style, and the default output format for the latter is the -s style.  The -l option is the
     only option that may be passed to a remote machine.

     If the file .nofinger exists in the user's home directory, and the program is not run with superuser privileges, finger behaves as if the
     user in question does not exist.

     The optional finger.conf(5) configuration file can be used to specify aliases.  Since finger is invoked by fingerd(8), aliases will work for
     both local and network queries.

ENVIRONMENT

     The finger utility utilizes the following environment variable, if it exists:

     FINGER	 This variable may be set with favored options to finger.

FILES

     /etc/finger.conf  alias definition data base
     /var/log/lastlog  last login data base

SEE ALSO

     chpass(1), w(1), who(1), finger.conf(5), fingerd(8)

     D. Zimmerman, The Finger User Information Protocol, RFC 1288, December, 1991.

HISTORY

     The finger command appeared in 3.0BSD.

BUGS

     The current FINGER protocol RFC requires that the client keep the connection fully open until the server closes.  This prevents the use of
     the optimal three-packet T/TCP exchange.  (Servers which depend on this requirement are bogus but have nonetheless been observed in the
     Internet at large.)

     The finger utility does not recognize multibyte characters.

BSD
								   July 17, 2004							       BSD
All times are GMT -4. The time now is 01:49 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy