1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
Idled -- Idle "Demon"
Version 1.16
Written by Michael P. Crider
with guidance from Mike Jipping
Hope College -- Holland, MI USA
Based on Untamo
INTRODUCTION
Idled is a "demon" that runs on a machine to keep an eye on current
users. If users have been idle for too long, or have been logged on for
too long, it will warn them and log them out appropriately. The types of
checks that idled performs are the following:
idle: If a user is idle more than their allotted time, as
specified by the idled configuration file, he/she will be
warned. If no action has taken place during the warn
time, the user will then be logged out.
session: If a user is logged on for longer than the allotted
time, he/she will be warned and logged out in
'warntime' seconds if the user is still logged on
then.
multiple: If too many user sessions are active (ie. many users
logged on, or some users logged on many times), idled
will choose X many sessions for each user to keep,
warning the others, and logging those out in 'sleep'
seconds (such as 120) if there are still too many
logged in then. X is either specified as a number
of multiples per user, or is proportional to the
threshold of sessions before multiple logouts are
in effect.
refuse: If a user matches this setting, idled will terminate
the user's session after about a 5 second warning.
The basically "refuse"s access for that user (or
tty, or group) to the machine, though there may be
some time allowed when idled is sleeping between
checks.
FEATURES
Idled is configurable without recompilation for its settings, such
as the maximum allowed idle times, session limits, thresholds before
session limits and multiple login checks begin, and also the important
exemption lists. The configuration file is automatically re-read every
'sleep' seconds (specified in the configuration file). If the
configuration file missing or contains errors when idled attempts to update
its configuration, it will simply report the errors to its log file and
continue normal operation, either with its previous settings (in the event
of the file not being there or not being readable) or with all valid
settings (in the event of errors in the conf file). Idled must exit,
however, if the configuration file is doesn't exist or is not readable when
it first starts, and will also exit at the start if there are errors in the
configuration file (since they should be fixed then).
Exemptions can be set for any user, group, host the user is logged
in from, or tty for any of the checks that idled performs, such as allowing
idle timeouts to default to 60 minutes for everyone, but exempting the
'staff' group from these timeouts.
Idled has the ability to handle the console as special, so that
X-Windows environments can have appropriate settings. The special handling
includes giving an idle time, session limit, and allowed multiple logins
specifically for the user on console. All of these logout checks can also
be disabled for the windows owned by the user on console. Idle activity is
found by checking the keyboard and mouse if the user is in X-Windows.
Special checking is also done to see if the person on console is running
xlock (or some terminal locking program--the name is configurable at
compilation time) and logging the user off if the xlock program runs longer
than the allowed console idle time. The special xlock check prevents users
from running xlock and leaving the terminal for a long period of time, but
not getting logged off, since other users may press a key or move the mouse
to see if the machine is available, and in doing so makes the logged in
user no longer idle. See TODO file for a comment on xlock. Idled also has
the ability to work with some implementations of XDM.
The configuration file's path may be specified on the command line,
so that one executable can be used on multiple machines with different path
structures. Also, idled can read in separate files (specified in the config
file) to get a list of users to apply a timeout/session/refuse/exempt command
to.
SYSTEMS
Idled was written and tested extensively on Solaris 2.x. Patches
and good fortune have expanded it to HP-UX, SGI, Linux, AIX, BSDI, BSD/OS2,
BSD (specifically SunOS 4.x), Ultrix, and DIGITAL Unix. It may also work on
other OS's.
Note: The xlock checking is not functional on some systems.
On BSDI and BSD/OS2, the console user will be killed
instanting if an xlock is running at all (if checking is
enabled in Makefile). SunOS 4.x may not log off users on
console and not in openwin.
ACKNOWLEDGEMENTS
Idled originally was heavily based on the code from Untamo 3.
We give many thanks to Craig Bishop of Deakin University for his rework of
the original Untamo, as well as many thanks to Andy Wilcox and Marc Megel
of Purdue University for their hard work on the original Untamo. Idled
certainly would not have all the functionality it has if it was not for
these people.
AVAILABILITY
The newest version of idled is available via anonymous ftp to
ftp.cs.hope.edu in /pub/idled
For the most up-to-date information on idled, check out the
Idled Homepage at http://www.cs.hope.edu/~crider/idled/
All comments and suggestions for idled would be greatly appreciated
and should be sent to Mike Crider <crider@cs.hope.edu>.
|
