Sometimes the simplest tasks can’t easily be done. Until someone comes up with a way to do it, that is. One perpetual problem with UNIX systems is logging off users who leave a terminal inactive. The reasons for logging people off automatically varies with each network but common reasons are the simplest: security and licenses. Security is always compromised when a terminal or client machine like a PC has an active user login when there is no user in front of it. It’s easy for anyone to sit down and exploit that login. Licensed software is another common problem. Large development groups often have floating licenses for expensive software packages wherein a certain number of usres can use the software at a time. By leaving a session active, one license seat is tied up with no one using it.

Of course, there’s an important side issue: you shouldn’t force someone off the UNIX system if they are conducting some processes, but not using the keyboard. This is the major problem with many UNIX commands that monitor a terminal for inactivity and then log off the user. If the user has a process running but doesn’t interact with the mouse or keyboard, these utilities still assume there is no activity and kills the process. On long compilation or build applications, this is unacceptable.

Computronics has a flexible and useful approach to this problem, called Logmon. Logmon is designed to monitor inactivity, not just on a terminal basis but also in processes and users. The software can be configured with various settings for any of these conditions, and prior to logging a user out, warning messages can be sent.

Installing Logmon doesn’t take much time or trouble. It’s shipped on floppy, which is extracted using cpio and then installed with an install script. (There are versions of Logmon for many UNIX versions, including SCO.) The process takes only a few minutes. Configuring it is simple through a menu interface. An administrator sets the conditions for logout, and leaves Logmon to do its job. The settings for automatic logout can be varied based on many conditions, including user ID, group, time of day, and CPU threshold calculations. There’s a set of rules that control when Logmon activates, and what it does when activated. It’s a useful approach to a perpetual problem.

We tested Logmon on a SCO OpenServer 5 platform running several database and order-entry applications. To provide a floating license approach, we controlled access to the order-entry application to only five users simultaneously. A network of thirty clients (Windows PCs running WinRunner and some Wyse and Qume terminals running shell scripts) provided varying amounts of load. We configured Logmon to trigger on a wide variety of conditions over a two week period, and played with the settings continually to try and find conditions that wouldn’t suit us. A few really neat features helped out: the ability to use wildcards for user ID matches (setting different triggers for users in the 100-110 range verses 111-120, for example), monitoring the CPU usage and process count for each user, and setting many types of idle timers to handle situations during working hours, lunch, and overnight. Rather than just perform a kill on any tasks a user has, Logmon can be customized to handle the termination in several ways. We particularly liked being able to tell our Informix database to gracefully terminate the user sessions and update the tables, preventing corruption and open file errors.

There’s no way anyone but a programmer will call a product like Logmon “neat”, but for those of us who struggled with scripts and C code to perform this type of task, Computronics’ approach is elegant and effective. While you may not need to log users off your system when they are away from their terminal, you just as easily may want to have tighter access controls. If you do, Logmon is a product that has no rivals we know of. It’s not too expensive, and a five-week free trial shows off the utility of the software perfectly for administrators.

Logmon
$600 SCO platform
Computronics
4N165 Wood Dale Road
Addison
IL 60101
630-941-7767
630-941-7714 fax
http://www.computron.com

Summary: A useful and flexible way to gracefully log users off a system. Definitely the best approach to this task we’ve seen.