HPE Community
Operating System - HP-UX
1838870 Members
3861 Online
110130 Solutions
New Discussion

Re: Maximum idle time on system

 
Joe Robinson_2
Super Advisor

‎10-19-2001 11:34 AM

‎10-19-2001 11:34 AM

Maximum idle time on system

I'm curious if anyone can advise me whether it is advisable to automate removing users off your systems after a certain amount of idle time, and if so, how you did it. I typically have certain user that will log on and have over 3 hours of idle time. I realize that simply having a shell running won't take that many resources, but I'd like to get some input from others.

Thanks in advance,
Joe Robinson
0 Kudos
Reply
7 REPLIES 7
harry d brown jr
Honored Contributor

‎10-19-2001 11:43 AM

‎10-19-2001 11:43 AM

Re: Maximum idle time on system

It depends upon your applications. If they are in the middle of a transaction, and they get called away from their desk to work on an emergency, and then come back and find out they were logged off, then they probably won't be to happy. I'd ask the developers to put in a timeout into the application at points where it makes sense. These places would be when the user is at a menu, in a read-only situation, etc...

It's always important not to fustrate the users, because most of them put the butter on our bread. A lot of it can be done through education of the users.

If the users are at a unix prompt, then you can wack them by setting TMOUT, but make sure to set it as a readonly variable, as some will soon lean how to defeat it. But then again, I always advise against having "normal" users, that's those that aren't DBA's or SA's at any unix prompt.

harry

live free or die
Live Free or Die
0 Kudos
Reply
Rita C Workman
Honored Contributor

‎10-19-2001 12:01 PM

‎10-19-2001 12:01 PM

Re: Maximum idle time on system

As was mentioned you can set in the users .profile the TMOUT variable and then they will be logged out.
Now some folks don't like that. And I understand that. But if you are running a system with hundreds upon hundreds users than you can't let a bunch of 'doing nothing' users tie up resources. So in certain cases, I do kill these kinds of users.
BUT BEWARE....as was said you may face the 'ire of these users. And you must be ABOSOLUTELY CERTAIN you only kill the right ones.
In this shop we get rid of idle sessions on dial ups. We can identify these users in two ways. First they always show as wc_x_ _ _ so we can grep for this...Second they always have login id's in ALL CAPS, again we can grep for this. Now this makes certain that we are ONLY KILLING outside dial up connections. And we do a simple kill, not a silver bullet. So it's a kinder to the end users processes. Here's the script we wrote here:

rm /scripts/who.remove
who -u | grep wc_x > /scripts/who.out
awk ' BEGIN [
while ( "cat /scripts/who.out" | getline ) {
entries++
if ( $1 ~ "[A-Z] && $6 > "1:00" )
print $1, $7 }
} ' >> /scripts/who.remove
kpid=`cat /scripts/who.remove | awk '{print $2}'`
kill $kpid

Then we set this up to cron hourly. So far, it works fairly well for us...and keeps these pesky dial ups from hanging on the line doing nothin !
Hope this gives you some ideas,

Regards,
Rita

..hope my typing is solid too...it's Friday and I am so ready for w/e
0 Kudos
Reply
Rita C Workman
Honored Contributor

‎10-19-2001 12:03 PM

‎10-19-2001 12:03 PM

Re: Maximum idle time on system

..oops that [ after BEGIN should be a { ...

arghghghgh typing tired !

Rita
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-19-2001 12:54 PM

‎10-19-2001 12:54 PM

Re: Maximum idle time on system

If you are just talking about "telnet/rlogin" sessions, you can set TMOUT value in /etc/profile and make it readonly so that the users cannot alter it. Their sessions will timeout after the value you set. You don't need to write any script.

If you are talking about other sessions, your application should take care of it.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎10-19-2001 01:42 PM

‎10-19-2001 01:42 PM

Re: Maximum idle time on system

Hi Joe:

As the others have mentioned setting TMOUT will do part of this. There is a more important reason than system resources for forcing logout of idle sessions - security. It is normally a BAD thing to have a terminal session open so that someone can come by and do who knows what. Even DBA's who ABSOLUTELY POSITIVELY MUST NOT be logged out can be taught to use nohup and why it is even their friend especially over remote connections. Generally, a small baseball bat suffices for this lesson.

My 3 cents, Clay

If it ain't broke, I can fix that.
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎10-20-2001 03:06 AM

‎10-20-2001 03:06 AM

Re: Maximum idle time on system

Hi Joe

As well as all of the above I would suggest that you pre-warn your users that a timeout is going to be put in place and give them a couple of weeks to put their reasons if any as to why they think it will cause problems.

Find options for them and then implement your plan.

Document all the way so that if problems occur once the timeout is in place you can show that users had an opportunity to voice their opinions and what you did to help.

Keeping users happy keeps management happy which more than helps when we ask for pay raises and courses.

;-)

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Santosh Nair_1
Honored Contributor

‎10-20-2001 08:20 AM

‎10-20-2001 08:20 AM

Re: Maximum idle time on system

Just wanted to put in my two cents regarding knocking out users. I used to set the TMOUT variable to 3hrs, but soon enough pple complained that I just removed it. But I never got concensus on what a proper timeout should be and now I have the opposite problem, i.e. ppl logged in for 4-5 days. Mind you, they're not totally idle sessions, just that they're too lazy to log out of the system.
I think its absolutely necessary to timeout special accounts, include oracle. There should be no reason why these users should have more than 1 1/2 idle time....but again, that's just my opinion.

-Santos
Life is what's happening while you're busy making other plans
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.