doinkd 0.01 review
Downloaddoinkd project is a "daemon" that runs on a machine to keep an eye on current users
|
|
doinkd project is a "daemon" that runs on a machine to keep an eye on current users. If users have been idle for too long, or have been logged on for too long, it will warn them and log them out appropriately. The types of checks that doinkd performs are the following:
maxuser: *NEW* If a declared number of sessions, either by group or userid, are active, that user and subsequent users/sessions are warned and their sessions are terminated.
idle: If a user is idle more than their allotted time, as specified by the doinkd configuration file, he/she will be warned. If no action has taken place during the warn time, the user will then be logged out.
session: If a user is logged on for longer than the allotted time, he/she will be warned and logged out in 'warntime' seconds if the user is still logged on then.
multiple: If too many user sessions are active (ie. many users logged on, or some users logged on many times), doinkd will choose X many sessions for each user to keep, waning the others, and logging those out in 'sleep' seconds (such as 120) if there are still too many logged in then. X is either specified as a number of multiples per user, or is proportional to the threshold of sessions before multiple logouts are in effect.
refuse: If a user matches this setting, doinkd will terminate the user's session after about a 5 second warning. The basically "refuse"s access for that user (or tty, or group) to the machine, though there may be some time allowed when doinkd is sleeping between checks.
doinkd is configurable without recompilation for its settings, such as the maximum allowed idle times, session limits, thresholds before session limits and multiple login checks begin, and also the important exemption lists. The configuration file is automatically re-read every 'sleep' seconds (specified in the configuration file). If the
configuration file missing or contains errors when doinkd attempts to update its configuration, it will simply report the errors to its log file and continue normal operation, either with its previous settings (in the event of the file not being there or not being readable) or with all valid settings (in the event of errors in the conf file). doinkd must exit, however, if the configuration file is doesn't exist or is not readable when it first starts, and will also exit at the start if there are errors in the configuration file (since they should be fixed then).
Exemptions can be set for any user, group, host the user is logged in from, or tty for any of the checks that doinkd performs, such as allowing idle timeouts to default to 60 minutes for everyone, but exempting the 'staff' group from these timeouts.
doinkd has the ability to handle the console as special, so that X-Windows environments can have appropriate settings. The special handling includes giving an idle time, session limit, and allowed multiple logins specifically for the user on console. All of these logout checks can also be disabled for the windows owned by the user on console. Idle activity is found by checking the keyboard and mouse if the user is in X-Windows. Special checking is also done to see if the person on console is running xlock (or some terminal locking program--the name is configurable at
compilation time) and logging the user off if the xlock program runs longer than the allowed console idle time. The special xlock check prevents users from running xlock and leaving the terminal for a long period of time, but not getting logged off, since other users may press a key or move the mouse to see if the machine is available, and in doing so makes the logged in user no longer idle. See TODO file for a comment on xlock. doinkd also has the ability to work with some implementations of XDM.
The configuration file's path may be specified on the command line, so that one executable can be used on multiple machines with different path structures. Also, doinkd can read in separate files (specified in the config file) to get a list of users to apply a timeout/session/refuse/exempt command to.
doinkd 0.01 keywords