Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
DOINKD.CF(5)		      File Formats Manual		  DOINKD.CF(5)

NAME
       /usr/local/etc/doinkd/doinkd.cf - doinkd	configuration file format

DESCRIPTION
       doinkd,	the  login  monitor daemon, decides how	it should act based on
       the file	doinkd.cf.  This file consists of a series  of	specifications
       which each describe an aspect of	doinkd's actions.  There are ten types
       of commands:

       1.     Exemption	commands specify people	that are exempt	from  doinkd's
	      actions.

       2.     Session commands specify people who are restricted in the	length
	      of time they may remain logged in.

       3.     Timeout defines how long a terminal must be idle	before	it  is
	      logged out.

       4.     Refuse  commands specify people to immediately log off when they
	      are found.

       5.     Sleep sets the number of minutes	doinkd	should	sleep  between
	      checks.

       6.     Wait  sets  the  number of seconds doinkd	should give to an idle
	      tty after	it warns before	it logs	it out.

       7.     Conswins specifies how to	handle tty's owned by the user	logged
	      in on console.  It can define special handling for idle logouts,
	      session limits, and multiple logins.

       8.     Idlemethod determines if users  are  considered  idle  by	 input
	      only, or by output as well.

       9.     Threshold	 sets the threshold number of users who	must be	logged
	      in before	multiple login or session limit	controls take effect.

       10.    Multiples	specifies the behavior of multiple  login  logouts  to
	      control how many multiple	logins each user is allowed to keep.

       11.    Maxuser  sets  the  number of sessions per userid, group,	tty or
	      file allowedi.

       Lines beginning with a hash (#) in  column  one	are  comments.	 Other
       lines may be indented for readability.

Exemptions
       Exemptions have the form:

	      exempt who from

       where who must be one of:

	      login username

	      host hostname

	      group groupname

	      tty ttyname

	      file filename

       where  Username must be a valid login name as in	/etc/passwd.  Hostname
       must be identical to the	name as	displayed by 'finger' when someone  is
       logged  in  from	 that  host and	truncated to the length	of the ut_host
       field in	utmp.h,	if necessary.  "localhost" or  the  truncated  version
       (if  necessary)	allows	for specific commands just for users logged in
       locally.	 Groupname must	be a valid group name as in /etc/group.	  Tty-
       name  is	a terminal name	as in the utmp file (e.g., "ttyXX").  Filename
       is either a filename/path relative to the working directory doinkd  was
       started	from,  or  is a	complete path/filename of a file listing user-
       names.  See the Specifying Users	Via a File section below for more  in-
       formation.

       and from	must be	one of:

	      multiple

	      idle

	      session

	      maxuser

	      all

       which  specify that who is exempt from being logged off for maintaining
       multiple	logins,	remaining idle longer than the	idle  timeout  period,
       exceeding a login session limit,	or all three, respectively.

Session
       Session commands	take the form:

	      session refuse minutes

	      session default minutes

	      session who minutes

       where  who  is  the same	as above and minutes is	a decimal number.  The
       command indicates the length of time a user may be logged in for	before
       they must terminate their session.  Warnings and	logouts	will be	issued
       if the session limit is exceeded.  The default  command	specifies  the
       session	limit  time that should	apply to users that do not have	a ses-
       sion limit assigned to them  by	some  other  session  command  in  the
       doinkd.cf file applying to group, login,	or tty.

       The  refuse  command  specifies number of minutes to refuse logins to a
       user who	has been warned	or logged out from a session limit.  Therfore,
       if  the	refuse time is set to 5	minutes, users who are warned or actu-
       ally logged out due to a	session	limit must wait	5 minutes to log  back
       in, otherwise their tty will be killed as soon as doinkd	awakens.

       Session	limits	are especially useful for modem	lines to prevent users
       from tying up the line for too long.

Timeout
       Timeouts	are of the form:

	      timeout who minutes

       where who is the	same as	above, but can also be default and minutes  is
       a  decimal  number.  This command indicates that	who will be logged off
       after remaining idle for	minutes	minutes.  The default idle timeout af-
       fects  anyone  not  otherwise exempted from timeouts or mentioned in an
       explicit	timeout	rule.  doinkd determines idleness to be	the length  of
       time  from  the last keypress by	the user (ie. data throughput alone is
       still considered	idle).	For X-Windows, both mouse movements  and  key-
       presses determine idle time.

Refuse
       Refuse commands take the	form:

	      refuse who

       where who is the	same as	above.	minutes	As soon	as doinkd spots	a user
       matching	a refuse statement, it will tell the  user  that  the  session
       will  be	 terminated,  and  will	actually do so approximately 5 seconds
       later.

Sleep
       Sleep commands are of the form:

	      sleep seconds

       and specify that	doinkd will sleep seconds seconds between its  checks.
       If  there  is  more  than one sleep specification, only the last	one is
       used.

Warn
       Warn commands are of the	form:

	      warn seconds

       and specify that	doinkd will sleep seconds seconds between warnings and
       logouts.	  If  there is more than one warn specification, only the last
       one is used.

Conswins -- Console Windows Handling
       Conswins	commands are of	the form:

	      conswins idle option

	      conswins session option

	      conswins multiple	option

       where option is one of:

	      number

	      normal

	      off

       The number specifies the	number of minutes allowed for tty's  owned  by
       the user	on console for idle timeouts or	session	limits.	 For multiple,
       it specifies the	number of multiple logins that should be  allowed  for
       the user	on console.  These numbers will	overide	what the timeout, ses-
       sion, and multiples settings would  otherwise  specify  for  the	 user.
       normal specifies	to use the default timeout, session limits, and	number
       of multiple logins for the user on console.  off	 instructs  doinkd  to
       not  log	 off  any tty's	owned by the user on console, despite how long
       they have been idle, how	long the tty's have been in  session,  or  how
       many tty's are in use (for idle,	session, and multiple, respectively).

Idlemethod
       The idlemethod command is of the	form:

	      idlemethod userinput

       or

	      idlemethod inputoutput

       When set	to userinput, doinkd requires that the user interact with (ie.
       type into) the tty to be	considered not idle.  If a user, then, has not
       typed  anything	recently,  that	 user  will be considered idle despite
       whether or not the terminal is busy and perhaps displaying output of  a
       running program.

       When set	to inputoutput,	doinkd will only consider a user idle if there
       has been	no input or output to the tty recently.	  If  any  program  is
       writing	output to the tty, then, that tty is not idle.	Note that with
       this setting, a tty is still idle if a program is running without  user
       interaction and is not displaying output	to the tty.

       If this option is unspecified, it defaults to userinput.

Thresholds
       Threshold commands are of the form:

	      threshold	type number

       where type must be one of:

	      multiple

	      session

       For  the	 threshold  multiple command, the number specifies the minimum
       number of tty's that must be in use before doinkd begins	to  limit  the
       users  on  how many tty's they may have.	 For example, if the threshold
       is set to 10, and 3 users are logged on	5  times  each	(each  have  5
       tty's),	then  since  3*5=15  and  15 >=	10, doinkd will	limit how many
       tty's they may have.  If	the multiples command  (see  below)  specifies
       that  users  get	 3 sessions during this	period,	then each of the users
       would have to get rid of	two of their tty's, or doinkd would kill 2 for
       them.

       For  the	 threshold  session  command, the number specifies the minimum
       number of tty's that must be in use before doinkd begins	to  limit  the
       length  of time users may remain	logged on.  If there are at least that
       many tty's in use, then doinkd will perform  warnings  and  kill	 tty's
       that  have  been	 logged	 in as long as or beyond their maximum allowed
       time (specified in a session command).

       If a threshold is not set, then no checking will	be done.

       Multiple	login logouts restrict each user to a number of	 logins	 based
       on the multiples	setting.  See Multiples	for more information.

Multiples
       The multiples command is	of the form:

	      maxuser type name	number

       where type should be the	type of

       If  the number is -1, then the number of	logins each user is allowed to
       have is based on	how many different users are currently logged in.   It
       is  figured  as	the floor of (multiple threshold)/(num users).	So, if
       the threshold is	10 and there are 2 different users on, each user would
       be  allowed  to	keep 5 logins.	If the threshold is 10 and there are 3
       different users on, then	each user would	be allowed to keep 3 logins.

       If the number is	greater	than 0,	then it	specifies the number of	logins
       each user will be allowed to keep, despite the total number of tty's in
       use.

       doinkd guarantees that each user	will be	allowed	to keep	at  least  one
       tty.

       The  method in which doinkd chooses which tty's to keep is based	on lo-
       gin time.  The tty's which were started first will be  kept,  with  the
       later ones being	warned and killed.

Maxuser
       The maxuser command is of the form:

	      multiples	who number

       where who is the	same as	above.

       number is the number of sessions	allowed.

       The  method in which doinkd chooses which tty's to keep is based	on lo-
       gin time.  The tty's which were started first will be  kept,  with  the
       later ones being	warned and killed.

Specifying Users Via a File
       As is indicated above, each of the timeout, session, refuse, and	exempt
       commands	can specify users via a	file statement.	 Therefore, such lines
       would look like these:

	     timeout file <filename> <minutes>
	     session file <filename> <minutes>
	     refuse file <filename>
	     exempt file <filename> <exempt_type>

       The <filename> should be	either a filename/path relative	to the working
       directory from which doinkd was started,	or a complete path to  a  user
       file (such as /usr/local/lib/users).

       The format of the file is simply	one login name per line.  Initial spa-
       ces on a	line is	ignored.  Any text beyond the first word on  the  line
       is  also	 ignored (so comments, if desired, can be placed at the	end of
       the lines).  Blank lines	are ignored.

       Filenames can contain letters A-Z and a-z, numbers 0-9, '_',  '.',  and
       '/'.  Therefore,

	      /usr/local/lib/doinkd/Session_Users1.list

       is  a  valid  filename.	Any other character than those mentioned above
       are not allowed in the filenames.

EXAMPLE
       A sample	doinkd configuration file follows (look	in the doinkd  distri-
       bution package for doinkd.cf, an	example	that shows all commands):

	  #
	  # sleep 2 minutes between checks (specified in seconds)
	  #
	      sleep 120
	  #
	  # Give 5 minutes between warning and logout (in seconds)
	  #
	      warn 300
	  #
	  # Set	conswins to off, so that idle, multiple, and session
	  # logouts will be disabled for tty's owned by	the user
	  # logged in on console.
	  #
	      conswins idle off
	      conswins multiple	off
	      conswins session off
	  #
	  # 30 users must be logged on before
	  # multiple login checks will begin
	  #
	      threshold	multiple 30
	  #
	  # Do proportional multiple login allows, based on the	multiple
	  # threshold and number of different users on.
	  #
	      multiples	-1
	  #
	  # We want session limits to apply all	the time
	  #
	      threshold	session	1
	  #
	  # idlemethod set to "userinput" (default) requires that user
	  # interact with the tty to be	determined not idle.  Set it to
	  # "inputoutput" to allow tty output to also consider the tty
	  # not	idle.
	  #
	  #	   idlemethod inputoutput
	  #
	  # Set	the timeout for	console	to be 15 (plus warntime)
	  # before it will log off anyone on console.
	  # Set	the default idle timeout to 60 minutes.	 For the
	  # group staff, set the idle timeout to 2 hours.
	  # 30 minute timeout for users	logged in from dopey.
	  #
	      timeout tty console 15
	      timeout default 60
	      timeout group staff 120
	      timeout host dopey 30
	  #
	  # Students must not remain logged in for longer than 45 minutes
	  #
	      session group student 45
	  #
	  # Necessary exemptions to make sure the console doesn't
	  # get	logged off for session limits or multiple logins and
	  # staff members don't	get logged off at all.
	  #
	      exempt tty console session
	      exempt tty console multiple
	      exempt group staff all

SEE ALSO
       doinkd(8), utmp(5)

				 May 30, 2006			  DOINKD.CF(5)

NAME | DESCRIPTION | Exemptions | Session | Timeout | Refuse | Sleep | Warn | Conswins -- Console Windows Handling | Idlemethod | Thresholds | Multiples | Maxuser | Specifying Users Via a File | EXAMPLE | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=doinkd.cf&sektion=5&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help