Send in your Unix questions today!


See additional Unix tips and tricks

In last week's column, we looked at a couple of ways that you can force an automatic logout of a user's session when he has been idle for too long. In particular, we looked at the TMOUT variable available in some shells and a script that uses the "who -u" command to determine how long a login session has been idle and kill to terminate sessions.



As we saw, the TMOUT variable approach to terminating idle sessions isn't a good approach to closing idle sessions if your users prefer to avoid being logged out because it is far too easy to override. We also saw that TMOUT also doesn't view time spent editing files as idle and, therefore, could leave some idle sessions running indefinitely.



While either of these two approaches has some value, neither the autologout script nor the TMOUT variable is well set up to apply different auto-logout rules to different users. If you want to allow one group of users to remain idle for several hours while constraining another to only 15 minutes of idle time, you need a more sophisticated tool.



Introducing idled

Idled (pronounced idle-dee) is a small software application that closes idle user sessions. Unlike TMOUT and the script presented last week, however, idled makes its decisions about when to terminate login sessions based on a fairly detailed configuration file. This configuration file allows sysadmins to establish different idle timeout periods for individual users or specific user groups. It can also be used to prevent too many simultaneous login sessions (too many overall logins or too many logins by an individual) on the server. It also has additional features which could be very handy at times. For example, if you temporarily need to keep one group of users from logging into a system while some other group needs exclusive access, you could disable their accounts. However, you can also use idled to ward off the unwelcome users. By using the "refuse" option, you can get idled to terminate the group's login sessions after a five second warning -- enough time to display a message explaining why the group cannot be allowed to use the system at that particular time.

In addition, idled gives you a lot of control over how you manage your idle timeouts. You can even exempt some users, groups, hosts (from which users are logging in from) or ttys from idle timeouts. You can set up special exemptions for console access too. For example, you might want to have no restrictions placed on console logins. With idled, you can do this.

If you're troubled by users who lock shared consoles with xlock and then leave the building, preventing other users from gaining access to a system, you might appreciate idled's ability to determine how long the login has been idle, independently of whether other users have tested the keyboard.

How Does it Work?

When

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine