Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.3 alpha 4/15/85; site ucbvax.ARPA Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!ihnp4!ucbvax!info-vax From: info-vax@ucbvax.ARPA Newsgroups: fa.info-vax Subject: RE: Removing inactive users Message-ID: <7662@ucbvax.ARPA> Date: Fri, 31-May-85 15:18:31 EDT Article-I.D.: ucbvax.7662 Posted: Fri May 31 15:18:31 1985 Date-Received: Sat, 1-Jun-85 02:35:52 EDT Sender: daemon@ucbvax.ARPA Organization: University of California at Berkeley Lines: 51 From: There are two reasons for removing inactive users from a VAX. One reason is security-related, and the other pertains to the squandering of resources. So far as security is concerned, a person who logs on and then doesn't do anything on the computer may or may not remain at his terminal. If he goes away and remains logged on, then what is to stop someone else from accessing the computer from the logged-on terminal and wreaking havoc? Not only is the account in danger of the person who is logged in, but the rest of the users are in danger, too. So far as the inactive user is concerned, it the inactive user is concerned, it is possible to rationalize and say that it is his own fault for being negligent, although the rationalization breaks down on account of two reasons: first of all, preoccupation is more often the culprit than negligence, and secondly, the loss is often to the employer more than to the employee. However, in addition to the danger to the person's own account is the possibility of someone else, masquerading as the departed user, who now can hack around in the computer in anonymity since security accountability always depends on identifying the user through his username or UIC, while this hacker is logged in on someone else's account. The situation is analogous to a driver leaving the keys in the ignition and the engine on, and walking away. In the case of a vehicle, the process of exiting from the vehicle is ample reminder to the driver to turn off the ignition and remove the keys. In the case of a computer, the user may turn away from the terminal and continue working at his desk, then an hour later get up to go to lunch, forgetting entirely about his logged-on terminal. Some terminals have screen-saver features that blank out the screen after a period of inactivity, even though the original user is still logged in. The blank screen makes it much less likely that the user will log out when he gets up to go. Using the vehicle-driver analogy again, if the driver goes away for a few hours, leaving the engine on, gas is being burned and other resources are being consumed (oil, engine and other mechanical wear, etc). In the computer, the number of ports may be limited, if a telephone port or a PACX is being used. Also, each process takes up a certain amount of system resources, even when it is inactive. There is no point in consuming even a small amount of overhead when this is not needed. On ARI-HQ1, we currently have eighteen active telephone ports, and there are times when users are turned away by a busy signal when the rotary is entirely occupied. If we allowed someone to log on and then keep his port tied up as long as he wants, then a few people would wind up tying up ports without need and thereby making life more difficult for others who need to get onto the system. It would take a greater number of telephone lines to handle the actual need, and the additional ports taken up for telephone lines would leave us with fewer ports available for hard-wire connections. Charlie Abzug Charlie@ARI-HQ1 ------