El vie, 06-11-2009 a las 09:32 +0100, José L. Redrejo Rodríguez escribió: > El jue, 05-11-2009 a las 20:23 +0100, RalfGesellensetter escribió: > > Am Thursday, 5. November 2009 schrieb RalfGesellensetter: > > > Please follow recent IRC log on #debian-edu to find some alternative > > > approaches on clearing left-behind processes deliberately (rather > > > than killing arbitrary unidentified processes). > > > > > > Dear list, only now I find the time to sumarize some thoughts from IRC: > > > > <RalfG> h01ger: I start to understand what you dislike about killer. It > > kills processes not on purpose, but arbitrary -- like a redneck > > (alternative package name?) shooting at everything that doesn't match > > his patterns. > > <RalfG> I tend to agree that this approach is "bad" as it must fail as > > soon as you introduce new roles unknown to killer. > > > > <RalfG> On contrary, the clean-up-left-behind-processes-after-logout- > > script should follow a simple and clean policy like this: > > <RalfG> get a list of users who were logged in today - and if they > > aren't logged in anymore, kill _their_ processes. > > <RalfG> all needed for this can be found (again) in last. > > <RalfG> alternatively, you could follow /var/log/auth.log and wait for > > "logout" messages. But this log is on tjener, I think. > > > > <RalfG> Yet another approach could be to have processes of users killed, > > that are member in a given group (student) unless they are still logged > > in. > > > > <RalfG> h01ger: this command shows all user sessions that have been > > closed today: > > grep "session closed" /var/log/auth.log |grep -v "user root" | grep -v > > \ "user daemon" | grep -v "user nobody" |grep "`LANG=C date +"%b %_d"`" > > \|cut "-d " -f12 |sort -u | grep ... | tr '[A-Z]' '[a-z]' > > > > <RalfG> Now find users who are still logged in: > > LANG=C last |grep "still logged in" | cut "-d " -f1 | sort -u > > > > <RalfG> note: here might be ambigious names as logins are truncated to 8 > > characters. > > <RalfG> Now I could do a "grep -v" on every line there to remove still > > logged in users... > > > > <RalfG> rather than triggering the clean-up-left-behind-processes-after- > > logout-script every hour, wouldn't it be great just to write a watchdog > > for auth.log - something like "tail -f /var/log/auth.log" that issues a > > pkill whenever a (regular) user closes their sessioN? > > <RalfG> of course, this would mean, that all processes are killed of one > > of several sessions owned by the same user is closed (unless > > doublechecking "who"). > > <RalfG> and, of course, this script should not regard old entries in > > auth.log in case it is started much after boot time > > > > Now, I think a combination of both should be possible (do the filtering > > on tail -f) -- and yes, of course, users who are permanently logged in > > will not be regarded (maybe by nightkill in debian-edu-config?). > > > > There was also a discussion that virtually the session manager (like > > LDM) should do the job in a propper way, but then, there is also KDM and > > GDM, and it is hard to convince their upstreams to find a common way of > > purging closed sessions. Hence the watchdog for auth.log seems to be a > > straight forward way to go (to me), what do you think? > > > > First steps could be auxialary scripts like test-if-user-is-logged-in > > (checking in who). > > > > Then I wonder, if there isn't a mother process to all processes run > > within a session, so that the only thing to do is killing this embedding > > process at logout time? > > > Just in case it might help: Last year when I given up using killer > because of it killing ssh sessions, I implemented that kind of routine > in ControlAula. > In http://paste.debian.net/50868/ you can see the code (for 72 hours > since now) > > When using gnome, one of the common zombie processes is gnome-panel, if > an user logins with gnome-panel running as a zombie with his own login, > the desktop is totally broken, so ControlAula is calling this killer() > routine with a watch timer every 10 seconds. > > The approach is similar to yours, but using 'who' instead of 'last'. It > just gets a list of the logged users and another list with the logged > processes with their user id. It compares them and kills all the > processes whose uid are not logged and between 1000 and 65535 (to avoid > killing services and processes launched under the "nobody" user). > It's quite simple and has been working perfectly for our purposes for > about a year in our schools. > > Regards. > I've almost forgot it: using who instead of last, you don't have the 8 chars limit in the login names.
Attachment:
signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente