From owner-freebsd-isp Sun Jul 15 18: 2:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131]) by hub.freebsd.org (Postfix) with ESMTP id E752837B401 for ; Sun, 15 Jul 2001 18:02:11 -0700 (PDT) (envelope-from ryan@sasknow.com) Received: from localhost (ryan@localhost) by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id TAA27882; Sun, 15 Jul 2001 19:00:43 -0600 (CST) (envelope-from ryan@sasknow.com) Date: Sun, 15 Jul 2001 19:00:43 -0600 (CST) From: Ryan Thompson To: James Wyatt Cc: Kal Torak , =?iso-8859-1?Q?Mat=EEss?= Elsbergs , Marc Veldman , freebsd-isp@FreeBSD.ORG Subject: Re: Background processes limiting In-Reply-To: Message-ID: Organization: SaskNow Technologies [www.sasknow.com] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org James Wyatt wrote to Kal Torak: > On Sun, 15 Jul 2001, Kal Torak wrote: > > Why not just make .logout owned by root? Only give the users group read > > access... That should work, just have a killall -m . -9 or something > > like that in there... > > > > Then just have your cron job running every so often to clean up anything > > that might of somehow slipped though the cracks... > > If the file is owned by root, but in a directory owned by joe.user, > then Joe can easily 'rm' the file himself. I liked the idea of using a > .logout, but having a cron job 1) ensure the few processes missed by > ".logout"s get caught and addressed, 2) report users who have removed > or altered their .logout files, and 3) regenerate any altered or > deleted .logout files. I simply put "schg uunlnk /home/$user/.logout" into our automated user creation scripts after the skel files are copied. Works like a charm. If you want to do this in past-tense to an existing user base (this assumes all user accounts are off of a common home directory--repeat this step for alternate home roots) 1) Create a suitable .logout file that fits your purposes. I'll assume it is named .logout, in the current working directory Use the following slick little command: apply 'install -c -m 0555 -o 0 -g 0 -f uunlnk .logout' /home/*/ That will install a copy of the file .logout from the current directory, everyone read/exec, owned by root:wheel, user unlink flag set, into each directory off of /home/. Fun, huh? If everyone already has .logout files and you just want to set the flags: chflags uunlnk /home/*/.logout Depending on the number of users, these commands may take a while to complete, so be warned ;-) If you want to allow your users to customize their .logout files, have the default .logout script exec something like ~/dot.logout at a suitable time during the script. If you only want to allow certain people to do this (say, staff members, with UID < 1000), just wrap the call to dot.logout in an if statement: if [ $UID -lt 1000 ]; then # Call user defined logout ~/dot.logout fi Some shells recognize system-wide logout files... But the above approach ensures that the user can not override system default logout conditions. > Too bad there isn't a syste-wide .logout file something like > /etc/logout to match the /etc/profile for logins. (or is there?) - Jy@ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > -- Ryan Thompson Network Administrator, Accounts SaskNow Technologies - http://www.sasknow.com #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2 Tel: 306-664-3600 Fax: 306-664-1161 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message