Approaches for killing left-behind processes /Re: killer in the manual
Am Thursday, 5. November 2009 schrieb RalfGesellensetter:
> Please follow recent IRC log on #debian-edu to find some alternative
> approaches on clearing left-behind processes deliberately (rather
> than killing arbitrary unidentified processes).
Dear list, only now I find the time to sumarize some thoughts from IRC:
<RalfG> h01ger: I start to understand what you dislike about killer. It
kills processes not on purpose, but arbitrary -- like a redneck
(alternative package name?) shooting at everything that doesn't match
his patterns.
<RalfG> I tend to agree that this approach is "bad" as it must fail as
soon as you introduce new roles unknown to killer.
<RalfG> On contrary, the clean-up-left-behind-processes-after-logout-
script should follow a simple and clean policy like this:
<RalfG> get a list of users who were logged in today - and if they
aren't logged in anymore, kill _their_ processes.
<RalfG> all needed for this can be found (again) in last.
<RalfG> alternatively, you could follow /var/log/auth.log and wait for
"logout" messages. But this log is on tjener, I think.
<RalfG> Yet another approach could be to have processes of users killed,
that are member in a given group (student) unless they are still logged
in.
<RalfG> h01ger: this command shows all user sessions that have been
closed today:
grep "session closed" /var/log/auth.log |grep -v "user root" | grep -v
\ "user daemon" | grep -v "user nobody" |grep "`LANG=C date +"%b %_d"`"
\|cut "-d " -f12 |sort -u | grep ... | tr '[A-Z]' '[a-z]'
<RalfG> Now find users who are still logged in:
LANG=C last |grep "still logged in" | cut "-d " -f1 | sort -u
<RalfG> note: here might be ambigious names as logins are truncated to 8
characters.
<RalfG> Now I could do a "grep -v" on every line there to remove still
logged in users...
<RalfG> rather than triggering the clean-up-left-behind-processes-after-
logout-script every hour, wouldn't it be great just to write a watchdog
for auth.log - something like "tail -f /var/log/auth.log" that issues a
pkill whenever a (regular) user closes their sessioN?
<RalfG> of course, this would mean, that all processes are killed of one
of several sessions owned by the same user is closed (unless
doublechecking "who").
<RalfG> and, of course, this script should not regard old entries in
auth.log in case it is started much after boot time
Now, I think a combination of both should be possible (do the filtering
on tail -f) -- and yes, of course, users who are permanently logged in
will not be regarded (maybe by nightkill in debian-edu-config?).
There was also a discussion that virtually the session manager (like
LDM) should do the job in a propper way, but then, there is also KDM and
GDM, and it is hard to convince their upstreams to find a common way of
purging closed sessions. Hence the watchdog for auth.log seems to be a
straight forward way to go (to me), what do you think?
First steps could be auxialary scripts like test-if-user-is-logged-in
(checking in who).
Then I wonder, if there isn't a mother process to all processes run
within a session, so that the only thing to do is killing this embedding
process at logout time?
Reply to: