From owner-freebsd-isp  Sun Jul 15  7:17:45 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP id A39CA37B401
	for <freebsd-isp@freebsd.org>; Sun, 15 Jul 2001 07:17:42 -0700 (PDT)
	(envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1997 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m15Lmh3-000CDWC@bsdie.rwsystems.net>
	for <freebsd-isp@freebsd.org>; Sun, 15 Jul 2001 09:16:21 -0500 (CDT)
	(Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25)
Date: Sun, 15 Jul 2001 09:16:14 -0500 (CDT)
From: James Wyatt <jwyatt@rwsystems.net>
To: Kal Torak <kaltorak@quake.com.au>
Cc: =?iso-8859-1?Q?Mat=EEss?= Elsbergs <sandstorm@astranet.lv>,
	Marc Veldman <freebsd@lurkie.xs4all.nl>, freebsd-isp@freebsd.org
Subject: Re: Background processes limiting
In-Reply-To: <3B512528.BD0C9C21@quake.com.au>
Message-ID: <Pine.BSF.4.10.10107150907380.46742-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

On Sun, 15 Jul 2001, Kal Torak wrote:
> James Wyatt wrote:
> > I have seen such things done in .logout scripts, but usually users can
> > remove the .logout file to prevent the action. One approach might be to
> > have a script run from cron that finds processes with a PPID of "1"
> > (parent now init) and owned by a regular login user and kills them.
> > Another might be to look for regular-user process without an associated
> > tty device. Hope this helps... - Jy@
> 
> Why not just make .logout owned by root? Only give the users group read
> access... That should work, just have a killall -m . -9 or something
> like that in there...
> 
> Then just have your cron job running every so often to clean up anything
> that might of somehow slipped though the cracks...

If the file is owned by root, but in a directory owned by joe.user, then
Joe can easily 'rm' the file himself. I liked the idea of using a .logout,
but having a cron job 1) ensure the few processes missed by ".logout"s get
caught and addressed, 2) report users who have removed or altered their
.logout files, and 3) regenerate any altered or deleted .logout files.

Too bad there isn't a syste-wide .logout file something like /etc/logout
to match the /etc/profile for logins. (or is there?) - Jy@


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message