Re: Login session hasn't been abandoned after TIMEOUT time
- From: gerg@xxxxxxxxx (Greg Andrews)
- Date: Fri, 5 Jan 2007 06:30:07 +0000 (UTC)
"newbie" <new@xxxxxxx> writes:
I set "TIMEOUT= 300" in /etc/default/login, logout and login again, but that
setting has no effect, login session hasn't been abandoned after 5 minutes
SunOS c3sun04 5.9 Generic_118558-25 sun4u sparc SUNW,Sun-Fire-V440
The /etc/default/login config file controls the behavior of the
/usr/bin/login program. From the man page for login:
The login command is used at the beginning of each terminal
session to identify oneself to the system. login is invoked
by the system when a connection is first established [...]
login asks for your user name, if it is not supplied as an
argument, and your password, if appropriate. Where possible,
echoing is turned off while you type your password, so it
will not appear on the written record of the session.
[login's response to a bad username/password deleted]
After a successful login, accounting files are updated. Dev-
ice owner, group, and permissions are set according to the
contents of the /etc/logindevperm file, and the time you
last logged in is printed (see logindevperm(4)).
The user-ID, group-ID, supplementary group list, and working
directory are initialized, and the command interpreter (usu-
ally ksh) is started.
So after you have logged into the computer (i.e. typed the proper
username and password, and received a shell command prompt), the
login program is no longer running. It has been replaced by your
shell (called the "command interpreter" in the last sentence above).
If you want to test the timeout controlled by /etc/default/login, you
need to get on a serial console (not the GUI login screen, or telnet
or ssh), type a login name at the "login:" prompt, and then wait for
more than 5 minutes at the "password:" prompt. (the initial "login:"
prompt on a serial console comes from ttymon, but the "password:" prompt
comes from login)
However, that's probably not what you're trying to do. You're probably
trying to kick off idle users. That usually isn't possible with a
single configuration parameter.
If your idle users are just sitting at a ksh or bash command prompt,
it can be as easy as setting the TMOUT environment variable. Those two
shells will exit if they're idle for the number of seconds in TMOUT.
If your users are at a csh or sh prompt, it's more difficult because
those shells don't have TMOUT or an equivalent. tcsh might not either.
Even if your users use ksh or bash, if they're running a program when
they go idle (i.e. they're not looking at the shell's command prompt),
then only that program knows they have become idle. If that program
doesn't time out and exit, they won't be logged out. For example, if
they're running their mail reading program when they go home for the
day. The shell thinks they're doing something (running the mail program)
and doesn't time out the session.
As you can see, logging out idle users often isn't an easy thing to do.
People have written software daemons that check for idle sessions in
various ways and kill the ones that seem to be doing nothing. The thing
that complicates this is the system administrators usually need to be
exempted so they can fix problems without being kicked off. And then
there's database admins with SQL commands that take 30 minutes to finish,
and the CEO will scream if he's kicked off the server, and...
The best thing to do is analyse what your users are doing when they
become idle (sitting at a command prompt, or running a program), and
see if the simple ksh/bash TMOUT variable will help. Beyond that, the
more sophisticated daemons are usually necessary.
Do NOT reply via e-mail.
Reply in the newsgroup.
- Prev by Date: Re: Solaris 2.8 Bind installation problem
- Next by Date: Re: Two USB drives of same model can't be mounted simultaneously
- Previous by thread: Solaris Express on SPARC, slow video??
- Next by thread: Re: Login session hasn't been abandoned after TIMEOUT time