Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!nrl-cmf!ukma!gatech!purdue!decwrl!hplabs!hp-sdd!ucsdhub!isg100!nusdhub!rwhite
From: rwhite@nusdhub.UUCP (Robert C. White Jr.)
Newsgroups: comp.unix.wizards
Subject: Re: Autologout of unused terminals
Message-ID: <1265@nusdhub.UUCP>
Date: 9 Dec 88 01:11:57 GMT
References: <17885@glacier.STANFORD.EDU>
Organization: National University, San Diego
Lines: 82

in article <17885@glacier.STANFORD.EDU>, jbn@glacier.STANFORD.EDU (John B. Nagle) says:
>
>
> The solution used in some high-security environments is to build a
> physical fence around the terminal and its user. Opening the gate in
> the fence forces an immediate logout.

But every time your boss comes to visit you have to explain why you
aren't even logged in ;-)

> This is more than most sites would want. However, it might not
> be unreasonable in some installations to protect privileged terminals
> in this way.

There is a shell-over-login approach which I have deduced, but not tried.
You move "/bin/login" to "/bin/login2" and make the following program
into "/bin/login":

(general description, not code fragment;
I leave the actual code as an exercise to the reader)

#include <signal.h>
#include <stdlib.h>
#include <unistd.h>

static int loginpid;

void killsession()
{
    /* kill loginpid and MAKE SURE it's DEAD
       depend on Death-of-parent for exit */
    while (1) {
        kill(loginpid, SIGKILL);
        sleep(3);
    }
}

void watcher()
{
    /* get current time in seconds
       fstat stdin */
    /* if current_time - stdin_time > allowable then
       killsession */
}

int main(int argc, char *argv[])
{
    if (fork() == 0) {
        loginpid = getppid();
        /* SET SIGNAL TO CALL killsession on any significant
           signaling event to prevent user from killing
           processes and voiding the intent of this file.
           Death-of-parent should not be trapped to allow
           abortive exit.
        */
        watcher();
    } else {
        /* the real login was moved to /bin/login2; this
           program now sits at /bin/login */
        execv("/bin/login2", argv);
        exit(-1);
    }
}

WHY THIS WORKS:

After the fork the PARENT process is exec(ed) to login, which fulfills
login's requirement that its parent be init.
The child process is set to be ended when the parent dies for any
reason, so the program needs no exit state. If the child process
receives any kind of signal it will kill the login process/first
shell/primary environment/whatever which was its parent. If fstat
reveals that the communication port has not been read-from or
written-to within an acceptable time (via fstat of stdin, do not use
stat on /dev/tty as this is often updated by many people) the
login/etc. process is killed; and the child process is signaled to
death in the process.

Warning: MAKE SURE YOU HAVE one (or more) terminal logged in as root,
and another one on which to perform the test of the installation. If
you don't do this you could end up not logged in as anything, and have
no working /bin/login to let you in at all. THIS CAN BE A REAL
NIGHTMARE!

Disclaimer: I didn't write the program, I only came up with the idea.
IF it doesn't work, or it damages your system, don't look at me! I
DIDN'T WRITE IT and I'm not in the habit of taking the blame for
things I didn't do.

Rob.