timeoutd(8) Enforce idle and session time restrictions

SYNOPSIS

/usr/sbin/timeoutd [ user tty ]

DESCRIPTION

timeoutd enforces the time restrictions specified in /etc/timeouts. When invoked in daemon mode (without any parameters) timeoutd backgrounds itself, then scans /var/run/utmp every minute and checks /etc/timeouts for an entry which matches that user, based on:
- The current day and time
- The tty that the user is currently logged in on
- The user's login ID
- Any primary or secondary groups the user is in

If a match is found, the limits specified for that entry are enforced by sending a SIGHUP (Hangup signal) to the user's login process, followed after 5 seconds by a SIGKILL (Sure kill signal) to ensure the user is logged out.

Where possible, timeoutd will send a warning to the user every minute for 5 minutes (or other time specified in /etc/timeouts) before logging them out. Warnings are not sent for exceeded idle limits, as this would count as activity on the terminal.

Timeoutd currently allows limits to be set on idle time as well as amount of time logged in per session and per day.

When calculating idle time, any activity on the terminal, either incoming (such as typing) or outgoing (such as information displayed on the screen) is counted as activity. This is to prevent log-offs during file transfers.

Under Linux, timeoutd detects when a serial line is in SLIP mode and disables idle time limit checking (as the last read/write times for the tty are not updated).

Debug information, error messages and notification of users who have been timed out are all recorded via syslog (facility=DAEMON).

timeoutd can also be invoked by login to check whether a user is allowed to login at that time, or whether they have exceeded their daily time limit. When invoked in this way, by passing a username and tty (without the leading /dev) on the command line, timeoutd returns one of the following exit codes:

0 User is allowed to login
1 Fatal error
5 Incorrect command line format
10 User has exceeded maximum daily connect time
20 User not permitted to login at this time on this tty
30 Internal error checking user name (probably invalid user name)

FILES

/etc/timeouts - lists valid login times and idle/session time restrictions
/var/run/utmp - current login sessions
/var/log/wtmp - for calculating total logged in time for current day

BUGS

Sessions which end in the current day but started before midnight will not be considered when calculating total daily logged in time for a user on that day. This will not, however, affect checking of the session limit, which should limit such problems. It does mean that a user could conceivably exceed their maximum daily time by one extra session if they log on just before midnight.

WRITTEN BY

Orginally written by Shane Alderton <[email protected]>, updated by Dennis Stampfer <[email protected]>.