06-02-2010
Quote: Originally Posted by curleb
Well, the nuclear option that you're suggesting for yourself would be for a root or superuser to kill any jobs associated with non-Admin and higher GIDs...every 3 hours. For this to work, you'd need to identify the PIDs associated with these GIDs and work backwards from there. Gritty...and dangerous.
For example, what if little Cindy Lou Who signs on and is working on a time-critical item...only to be killed based on your cron job? The loss in her time alone might be sufficient to raise alarms, if it doesn't corrupt data as a result as well. Tack on the likelihood that it happens after-hours, after she's just signed in at 1135pm, on New Year's Eve while she's been ordered to do so from the corner office...and it spirals from there.
TMOUT, on the other hand, will serve to neutralize lingering sessions where the User has been idle (i.e., not actually working) for a specified amount of time. Their own passivity serves the purpose to allow the system to sign them off; sort of like banking websites. It's a rolling window that resets according to their login time and their activity. Imagine if banks took the aggressive approach and nixed your session while you were still setting up a transfer to your offshore account? (All those fractions of cents add up, you know...)
I'd strongly suggest that you at least apply the TMOUT option first and see if it would suit the audit requirement. Something that works, as opposed to a whiz-bang script written from the ground up, might just suit the requirement perfectly...with zero effort.
Given your argument and other considerations I'll go ahead and try the bash option first and if that doesn't work then I'll try something else.
---------- Post updated at 10:26 AM ---------- Previous update was at 08:26 AM ----------
Setting the TMOUT variable works but does not really accomplish what I want to accomplish. It closes the active terminal windows but does not accomplish a logout of the user. Is there no way to log out the user after a certain timeframe?
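Before enforcing any time-based logoff, it helps to see which sessions a limit would actually hit. The following is an added example, not code from the thread: a report-only script that parses the idle column of `who -u` and lists sessions idle for at least a given number of minutes (180 here, matching the three-hour window discussed above). It assumes the GNU coreutils `who -u` column layout; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report (never kill) login sessions idle past a limit.
# Assumes the GNU coreutils `who -u` layout: NAME LINE DATE TIME IDLE PID [COMMENT]

# Constructed sample lines standing in for live `who -u` output.
sample_who_output() {
    cat <<'EOF'
cindy    pts/0        2010-06-02 08:15   .          4211 (10.0.0.21)
grinch   pts/1        2010-06-02 07:02 03:10        3987 (10.0.0.44)
max      pts/2        2010-05-30 17:45  old         2750 (10.0.0.45)
root     tty1         2010-06-02 06:00 00:05        1201
EOF
}

# idle_report LIMIT_MINUTES: reads `who -u` lines on stdin and prints
# "user tty idle_minutes pid" for every session idle at least LIMIT_MINUTES.
idle_report() {
    awk -v limit="$1" '
    {
        idle = $5
        if (idle == ".") {
            mins = 0                      # active within the last minute
        } else if (idle == "old") {
            mins = 1440                   # idle over 24 hours: use the lower bound
        } else if (idle ~ /^[0-9]+:[0-9]+$/) {
            split(idle, t, ":")           # hh:mm
            mins = t[1] * 60 + t[2]
        } else {
            next                          # unknown idle format: skip, do not guess
        }
        if (mins >= limit) printf "%s %s %d %s\n", $1, $2, mins, $6
    }'
}

# Stand-alone run on the constructed sample.
sample_who_output | idle_report 180
```

On a live system, pipe `who -u` into `idle_report` in place of the sample. Some Unix variants print the login time as three fields, which shifts the idle and PID columns by one.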
FINGER(1) BSD General Commands Manual FINGER(1)
NAME
finger -- user information lookup program
SYNOPSIS
finger [-46gklmpsho] [user ...] [user@host ...]
DESCRIPTION
The finger utility displays information about the system users.
Options are:
-4 Forces finger to use IPv4 addresses only.
-6 Forces finger to use IPv6 addresses only.
-g This option restricts the gecos output to only the users' real name. It also has the side-effect of restricting the output of the
remote host when used in conjunction with the -h option.
-h When used in conjunction with the -s option, the name of the remote host is displayed instead of the office location and office
phone.
-k Disable all use of utmpx(5).
-l Produce a multi-line format displaying all of the information described for the -s option as well as the user's home directory, home
phone number, login shell, mail status, and the contents of the files .forward, .plan, .project and .pubkey from the user's home
directory.
If idle time is at least a minute and less than a day, it is presented in the form ``hh:mm''. Idle times greater than a day are presented as ``d day[s]hh:mm''.
Phone numbers specified as eleven digits are printed as ``+N-NNN-NNN-NNNN''. Numbers specified as ten or seven digits are printed as the appropriate subset of that string. Numbers specified as five digits are printed as ``xN-NNNN''. Numbers specified as four digits are printed as ``xNNNN''.
If write permission is denied to the device, the phrase ``(messages off)'' is appended to the line containing the device name. One
entry per user is displayed with the -l option; if a user is logged on multiple times, terminal information is repeated once per
login.
Mail status is shown as ``No Mail.'' if there is no mail at all, ``Mail last read DDD MMM ## HH:MM YYYY (TZ)'' if the person has
looked at their mailbox since new mail arriving, or ``New mail received ...'', ``Unread since ...'' if they have new mail.
-m Prevent matching of user names. User is usually a login name; however, matching will also be done on the users' real names, unless
the -m option is supplied. All name matching performed by finger is case insensitive.
-o When used in conjunction with the -s option, the office location and office phone information is displayed instead of the name of the
remote host.
-p Prevent the -l option of finger from displaying the contents of the .forward, .plan, .project and .pubkey files.
-s Display the user's login name, real name, terminal name and write status (as a ``*'' before the terminal name if write permission is
denied), idle time, login time, and either office location and office phone number, or the remote host. If -o is given, the office
location and office phone number is printed (the default). If -h is given, the remote host is printed instead.
Idle time is in minutes if it is a single integer, hours and minutes if a ``:'' is present, or days if a ``d'' is present. If it is
an ``*'', the login time indicates the time of last login. Login time is displayed as the day name if less than 6 days, else month,
day; hours and minutes, unless more than six months ago, in which case the year is displayed rather than the hours and minutes.
Unknown devices as well as nonexistent idle and login times are displayed as single asterisks.
If no options are specified, finger defaults to the -l style output if operands are provided, otherwise to the -s style. Note that some
fields may be missing, in either format, if information is not available for them.
If no arguments are specified, finger will print an entry for each user currently logged into the system.
The finger utility may be used to look up users on a remote machine. The format is to specify a user as ``user@host'', or ``@host'', where
the default output format for the former is the -l style, and the default output format for the latter is the -s style. The -l option is the
only option that may be passed to a remote machine.
If the file .nofinger exists in the user's home directory, and the program is not run with superuser privileges, finger behaves as if the
user in question does not exist.
The optional finger.conf(5) configuration file can be used to specify aliases. Since finger is invoked by fingerd(8), aliases will work for
both local and network queries.
ENVIRONMENT
The finger utility utilizes the following environment variable, if it exists:
FINGER This variable may be set with favored options to finger.
FILES
/etc/finger.conf alias definition data base
/var/log/lastlog last login data base
SEE ALSO
chpass(1), w(1), who(1), finger.conf(5), fingerd(8)
D. Zimmerman, The Finger User Information Protocol, RFC 1288, December, 1991.
HISTORY
The finger command appeared in 3.0BSD.
BUGS
The current FINGER protocol RFC requires that the client keep the connection fully open until the server closes. This prevents the use of
the optimal three-packet T/TCP exchange. (Servers which depend on this requirement are bogus but have nonetheless been observed in the
Internet at large.)
The finger utility does not recognize multibyte characters.
BSD
July 17, 2004 BSD