Title: Logging off idle terminals (Autolog)
Autolog is an enhanced version of idleout, this utility gives the administrator a great deal of control over who is logged out and when. It is ideal for those sites where users keep their screens logged in overnight and the backup fails. Also where users start up virtual screens and then forget about them.!!
If autolog is not already on your machine please contact support and they will send you a copy. Autolog has not been written by us and while we can help you setup and configure it we cannot guarantee it will meet your needs or will work at all on your system.
Autolog will kill terminals that have been idle for a period of time. You can specify that specific terminals (or users) are exempt or have different idle times. These are specified by 'rules', add the 'rules' to the file /usr/local/etc/autolog.conf
The most basic rule is:
idle=60
This will log all users on any screen out if they have been idle for more than 60 minuites when autolog is run. One thing to remember is that idle time is defined by keyboard input e.g. the last time someone touched the keyboard.
You can add additional rules to specify different settings for users and terminals.
For example, to make sure that modem calls don't last too long by someone forgetting to hang up a modem call:
line=tty2A idle=10
This will kill anyone on the modem line that has been idle for 10 mins.
Configuration File
The option on each rule line are:
| name = | Name of the user |
| line = | ttyline of the terminal |
| idle=mins | How long the screen has to be idle before killed. (If idle is set to zero then they will be exempt). |
| grace=secs | Process will be killed after the number of seconds. |
For example:
line=tty12 idle=50 nowarn | Anyone on terminal tty12 will be removed if it has been idle for 50 mins. |
name=vet idle=120 nomail | User 'vet' will be killed if they have been
idle for 2 hours.
|
name=tom line=tty12 idle=0 | User 'tom' on terminal line 'tty12' will be exempt. |
These are the core options.
Additional options that can be include are:
| warn | nowarn | Send (Don't send) 'warning' before killing user |
| nomail | Send (Don't send) e-mail reason for killing | |
| log | nolog | Log (Don't log) the fact the process was killed |
| hard | Kill process of 'connected' time rather than idle time |
The defaults are: mail, warn, log, grace=30 that is mail will be sent, a warning will be given and the fact will be logged.
Check the defaults, use some common sense, if users don't check their mail then make sure nomail is set, if you are running it when you don't expect users to be on the system, set nowarn, as there will be no-one there to see the warnings.
It is helpfull to include any specific options at the start of the rule list e.g. specific users and specific tty lines then add a 'catch all' rule as per:
idle=60
If none of the earlier lines match then this rule will be used, that is log any user off who has been idle for an hour.
Testing
Type autolog -n -d | more
to show what will happen.
name=.+ group=.+ line=tty0[1-8] idle=50 grace=30 mail=1 warn=0 log=1 name=vet group=.+ line=.+ idle=120 grace=30 mail=1 warn=1 log=0 name=tom group=.+ line=.+ idle=240 grace=30 mail=0 warn=1 log=1 name=.+ group=.+ line=.+ idle=60 grace=30 mail=1 warn=1 log=1 Checking: root on /dev/tty01 I:0 T:7 Login: Sat Jun 16 16:26:38 2001 Match # 1: U:root Grp:sys Line:tty01 Pid:635 Sess: 4:59 Subject to logout Idle time: 0 (50 allowed) Checking: root on /dev/tty02 I:0 T:7 Login: Sat Jun 16 16:56:07 2001 Match # 1: U:root Grp:sys Line:tty02 Pid:636 Sess: 4:30 Subject to logout Idle time: 0 (50 allowed) Checking: root on /dev/tty03 I:65 T:7 Login: Sat Jun 16 17:08:21 2001 Match # 1: U:root Grp:sys Line:tty03 Pid:637 Sess: 4:17 Subject to logout Idle time: 65 (50 allowed) Would kill this process Checking: root on /dev/tty09 I:258 T:7 Login: Sat Jun 16 16:39:42 2001 Match # 4: U:root Grp:sys Line:tty09 Pid:643 Sess: 4:46 Subject to logout Idle time: 258 (60 allowed) Would kill this process Checking: tom on /dev/tty12 I:284 T:7 Login: Sat Jun 16 16:41:23 2001 Match # 3: U:tom Grp:group Line:tty12 Pid:646 Sess: 4:44 Subject to logout Idle time: 284 (240 allowed) Would kill this process
Running
Autolog is generally run out of root's crontab file.
The idle time is calculated whenever autolog is run, which is generally one of the following:
- Run it once late evening to throw off any user who has left their terminal
logged in after they have left.
0 22 * * * /usr/local/bin/autologThis will run at 10pm.
- Run it during the course of the day to kill screens that have been idle
for a period of time (specified by idle=xx in autolog.conf).
0,20,40 * * * * /usr/local/bin/autologIn this case autolog will run three times an hour, if at this time any of the idle times are matched the process will be killed.
Use crontab -e to add one of the above lines.
Logging
If the log option is used then the file /var/log/autolog.log will be updated whenever a user is killed. The log file must exist before any logging is performed.
Gotcha's
The order the rules occur are important, specific rules should appear before and global ones, for example,
idle=60
user=tom idle=0
The 2nd line would never be seen and all users including 'tom' would be logged off if idle time exceeded 60 mins.
Idle time is determined by the last time the keyboard was touched. If you are in the habbit of running 'long' reports that don't need anyone to type anything e.g. manual backup, manual validataion then you should either:
- Use cron or at to run the report in the background (background processes
are exempt from autolog).
- Run them either as a specific user or on a specific terminal and then
ensure that user (or terminal) are exempt.
e.g.
user=tom idle=0Anything user tom does is exempt
line=tty12 idle=0Terminal tty12 is exempt or a combination of them both
user=tom line=tty12 idle=0Only if user tom is logged in on tty12 will it be exempt. - Use the SCO supplied 'idleout' script which does not have the limitation
of only keyboard input. However, with idleout you will need to either
kill all users or hack the script to exclude users or terminals.