Auto-logoff facility in Unix
Jerry Aguirre
jerry at oliveb.UUCP
Mon Apr 30 07:02:04 AEST 1984
The people responding the request for an auto-logout facility seem to
see it as an attempt to reduce load to the system or make terminals
available. I see it as a security issue. It is not uncommon for
users to leave their terminals logged on for the entire weekend.
Any one with physical access to their terminal can override their
security. Just ask yourself if there is anyone who is mean or
stupid enough to do a rm -rf ~/. on your terminal. All the recent
discussion about the password algorithm and picking difficult
passwords is worthless if the penetrator can just wait for someone
to go to lunch and then use his terminal.
And before someone complains about the user getting what he deserves,
remember that it is the Unix support group who has to restore his
files! The user gets the morning off and a good excuse for having his
project late. Unix gets a reputation for loosing files or having poor
security.
I have heard from several sources this idea of idle users loading
the system. As I understand it the user is tying up a process slot
and some swap space. If the user wasn't using the process slot
there would be a getty running in it. It seems to me that the
overhead for logging out and back in is greater than any savings.
Is this idle user loading bunk or is there a legitimate reason
(besides security) for logging off between sessions?
Jerry Aguirre
{hplabs|fortune|ios|tolerant|allegra|tymix}!oliveb!jerry
More information about the Comp.unix.wizards
mailing list