Title: Logging off idle terminals (Autolog)
Autolog is an enhanced version of idleout, this utility gives the administrator a great deal of control over who is logged out and when. It is ideal for those sites where users keep their screens logged in overnight and the backup fails. Also where users start up virtual screens and then forget about them.!!
If autolog is not already on your machine please contact support and they will send you a copy. Autolog has not been written by us and while we can help you setup and configure it we cannot guarantee it will meet your needs or will work at all on your system.
It is installed in three steps:
- Copy the program to /usr/local/bin
- Edit /etc/autolog.conf
- Modify cron to invoke the program
Autolog consists of two parts, the actual program ( /usr/local/bin/autolog) and the configuration file (/etc/autolog.conf).
The first step is to set up the configuration file:
The configuration file consists of multiple lines, each of which describes a class of processes subject (or not subject) to a certain auto logout procedure.
The first parameter on the line is a username.
The second parameter is a tty line.
Both the username and tty line can be expressed as a 'regular expression', this is the ability to use * a ? and a . to match various characters. Username and tty can be entered specifically, to cover a range or to cover all
| Username | |
|---|---|
| root | specific |
| ch* | any user with a name starting with ch |
| .* | all users |
| tty | |
| tty12 | specific |
| tty[1-9] | tty's 1 to 9 inclusive |
| .* | all terminals |
These parameters are followed by the idle time, the grace period, a mailer switch, and an idle/total time switch, this options are explained later.
The system will check the time each user has been idle and compare that with each line in the configurations file. The FIRST entry to match both the name and the tty line of the process will be used to conduct the auto logout.
- Edit /etc/autolog.conf with an editor (ste, pico), a sample file is
shown below.
- Enter a regular expression for the username and tty line. Both expressions must be matched before the line will be applied to any existing process.
idle(min) - If the process has been idle more than 'idle' minutes, the user will be given warning that it about to be killed. If this is set to zero (0) the process is exempt from automatic logout.
grace(sec) - After this number of seconds, autolog will attempt to kill the process. e.g. specifies the length of time a user has to press return to stop the logout process.
mail - If this is set to yes, mail will be sent to let the user know how his process met it's end.
i/h i will start the logout process after idle(min) minutes of inactivity.
h will logout idle(min) minutes after logon.
If you want the default to be "not to kill," put this "cleanup" pattern as the last line of the config file matching any username and any line:
.* .* 0 0 no
Sample File
This is a sample config file
#username tty idle(min) grace(sec) mail i/h root .* 15 60 yes i tom .* 0 0 no i wait .* 240 120 no h fred tty12 300 120 no i .* tty008 5 30 no i .* .* 30 120 no i
This translates to:
- "root" will logout after 15 minutes of inactivity at any terminal
essential for security. Root will also be mailed that a screen was
killed.
- "tom" will never be logged out - This is NOT recommended.
- "wait" will log out 4 hours after logging on, regardless of activity.
Used to run a vet system user called wait from any terminal.
Wait only has access to the waiting room list. - "fred" will log out after 5 hours of inactivity on tty12. This
happens to be a virtual screen, which can be hidden from other
users once a process is started. Useful for running long validations,
where a logout will stop the process. Set idle(min) greater than
the time it takes to run your longest validation.
- "any user" on tty008 will log out after 5 minutes of inactivity.
For reception terminals that are configured to open till drawers.
- "all non specified user/tty combinations" will log out after 30 minutes.
Any other users in the practice, or specified users on non-specified terminals, will be picked up by this entry.
TIP: Make sure the .* .* (trap everybody else) entry is on
the last line of the config file otherwise anything specific
below it will be ignored.
Once you have set up your configuration file you should test it. Wait until the system has a bunch of idle processes. Run :
autolog -d -n |more
and examine the output to see that the desired processes are going to "get the axe." If it looks good, try running "autolog -d" to make sure. When you're happy with your configuration file, setup cron.
Running via Cron
crontab -e
In your Crontab file place a line that invokes autolog about every few minutes, such as:
0,15,30,45 * * * * /usr/local/bin/autolog
On our system cron only runs the process at night. This way, users sessions stay on uninterrupted during the workday but are killed before the backup takes place. I use the line:
0 22 * * * /usr/local/bin/autolog
Remember: Users are only logged out when they have been idle for the specified time WHEN autolog runs.