Logging the ^d logoff

[Daniel R. Levy]

In article <7255 at brl-smoke.ARPA>, gwyn at brl-smoke.ARPA (Doug Gwyn ) writes:
# In article <209 at mccc.UUCP>, pjh at mccc.UUCP (Peter J. Holsberg) writes:
# > One suggestion, which came very close, was to trap 0 1 3 with a line in
# > /etc/profile so that on ^d logout (or hangup, etc.) a line with "who am
# > i" information would be written to /usr/.logins.  I found that this
# > worked quite well except for one thing:  despite the fact that the login
# > time is accurate, the logout time is always about one second after the
# > login time, regardless of the actual logout!
# I suspect the only problem is that you forgot that the arguments to the
# "trap" built-in would be evaluated twice, once at the time of executing
# the "trap" built-in, and once (with whatever the result of the first
# evaluation was) when the trap fires at logout time.  Once you realize
# this, the solution is obvious: quote the "who am i" so that it will not
# be evaluated when "trap" is set.

A few notes:
1) "who am i" will print out the login time, not the present time.
   [I thought you knew better than this, Doug!]
2) There is no need to trap anything other than 0.  Trapping 3 will
   definitely give misleading results if the user hits the QUIT character.

trap '(/usr/bin/id; /bin/date) >> /usr/.logins' 0

3) Anything which is user-executable like this can be forged.  A malicious
   user could clear out or alter /usr/.logins (which must be world writeable).
   The user can 'exec true' or 'kill -9 $$' or something like that to get
   out without leaving a record, or he can reset the trap manually.

4) There's no clear way out of the box without getting accounting software.
-- 
|------------Dan Levy------------|  Path: ..!{akgua,homxb,ihnp4,ltuxa,mvuxa,
|         an Engihacker @        |  	<most AT&T machines>}!ttrdc!ttrda!levy
| AT&T Computer Systems Division |  Disclaimer?  Huh?  What disclaimer???
|--------Skokie, Illinois--------|