-
Notifications
You must be signed in to change notification settings - Fork 7
/
timeoutd.8
79 lines (79 loc) · 3.05 KB
/
timeoutd.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
.TH TIMEOUTD 8
.SH NAME
timeoutd \- Enforce idle and session time restrictions
.SH SYNOPSIS
.B /usr/sbin/timeoutd [ user tty ]
.SH DESCRIPTION
.B timeoutd
enforces the time restrictions specified in
.IR /etc/timeouts .
When invoked in daemon mode (without any parameters) timeoutd backgrounds
itself, then scans \fB/var/run/utmp\fR every minute and checks \fB/etc/timeouts\fR
for an entry which matches that user, based on:
.IP "\- The current day and time"
.IP "\- The tty that the user is currently logged in on"
.IP "\- The user's login ID"
.IP "\- Any primary or secondary groups the user is in"
.PP
If a match is found, the limits specified for that entry are enforced by
sending a
.B SIGHUP
(Hangup signal) to the user's login process, followed
after 5 seconds by a
.B SIGKILL
(Sure kill signal) to ensure the user is
logged out.
.PP
Where possible,
.B timeoutd
will send a warning to the user
every minute for 5 minutes (or other time specified in
.IR /etc/timeouts )
before logging them out. Warnings are not sent for exceeded idle limits,
as this would count as activity on the terminal.
.PP
Timeoutd currently allows limits to be set on idle time as well as amount
of time logged in per session and per day.
.PP
When calculating idle time, any activity on the terminal, either incoming
(such as typing) or outgoing (such as information displayed on the screen)
is counted as activity. This is to prevent log-offs during file transfers.
.PP
Under Linux,
.B timeoutd
detects when a serial line is in SLIP mode and disables
idle time limit checking (as the last read/write times for the tty are
not updated).
.PP
Debug information, error messages and notification of users who have been
timed out are all recorded via syslog (facility=DAEMON).
.PP
.B timeoutd
can also be invoked by login to check whether a user is allowed
to login at that time, or whether they have exceeded their daily time limit.
When invoked in this way, by passing a username and tty (without the leading
/dev) on the command line,
.B timeoutd
returns one of the following exit codes:
.IP "0 User is allowed to login
.IP "1 Fatal error
.IP "5 Incorrect command line format
.IP "10 User has exceeded maximum daily connect time
.IP "20 User not permitted to login at this time on this tty
.IP "30 Internal error checking user name (probably invalid user name)
.SH FILES
.IP "/etc/timeouts \- lists valid login times and idle/session time restrictions
.IP "/var/run/utmp \- current login sessions
.IP "/var/log/wtmp \- for calculating total logged in time for current day
.SH BUGS
Sessions which end in the current day but started before midnight
will not be considered when calculating total daily logged in time for a
user on that day. This will not, however, affect checking of the
session limit, which should limit such problems. It does
mean that a user could conceivably exceed their maximum daily time
by one extra session if they log on just before midnight.
.SH "SEE ALSO"
.BR timeouts "(5)
.SH "WRITTEN BY"
Orginally written by Shane Alderton <[email protected]>, updated by
Dennis Stampfer <[email protected]>.