Update to my original summary. Two things I did not take into consideration
were scripts that source /etc/profile and the "r" commands. This didn't
rear it's ugly head until a few hours after the session limiter was in
place. So, to check for the condition where $LOGNAME is null, I
encapsulated the snippet in an additional "if" loop. The new snippet looks
like this:
#---------------------- START SESSION LIMIT ----------------------
EXCLUDELIST="/etc/profile.session.exclude"
if [ ! -z "$LOGNAME" ]; then
if [ `grep -w $LOGNAME $EXCLUDELIST` ]; then
:
else
LOGCNT=`who | grep -w $LOGNAME | wc -l`
if [ "$LOGCNT" -gt "1" ]; then
clear
echo "\n\n\n...Only ONE session allowed per
user...\n\n\n"
exit 1
fi
fi
fi
#----------------------- END SESSION LIMIT -----------------------
ORIGINAL SUMMARY:
Many thanks for the quick responses from Stan Horwitz, Hannes Visagie, John
Galt, Kevin Fleming, Oisin McGuinness and Jason Neil.
Originally, my posting included a statement that with a session limit hack
in /etc/profile, and during peak periods, was causing the login process to
climb as high as 3 minutes. I did not believe this but was forced to seek
other alternatives based on what senior and VP management from the contract
side (not EDS) were reporting based on some obscure report they read.
Fortunate for me, I was able to convince them to allow me to try the code
snippet below. It is a combination of what I had tried and the suggestions
from the responses received and is successfully running with no apparent
"lag" during login.
I chose to place the following code at the top of /etc/profile to limit
users to one login session unless listed in an exclude list. I tested and
timed this thoroughly to assure those that made the 3 minute login response
claim, can no longer make same. There is no noticeable difference in login
times with or without this modification.
#---------------------- START SESSION LIMIT ----------------------
EXCLUDELIST="/etc/profile.session.exclude"
if [ `grep -w $LOGNAME $EXCLUDELIST` ]; then
:
else
LOGCNT=`who | grep -w $LOGNAME | wc -l`
if [ "$LOGCNT" -gt "1" ]; then
clear
echo "\n\n\n...Only ONE session allowed per user...\n\n\n"
exit 1
fi
fi
#----------------------- END SESSION LIMIT -----------------------
ORIGNAL POSTING:
On Fri, 2 Nov 2001, Sylvester, Dennis wrote:
> Good morning!
>
> We have a GS160 running 4.0G (5.1a coming soon) and need to limit login
> sessions to 1 unless an individual is listed in an exception list. I have
> scoured the archives and did find what is essentially the same solution we
> have tried; adding a routine in /etc/profile to check if the user is
already
> logged in via a "who/grep" combination. This solution was unacceptable
> since we, on average, have almost 1500 users active at any given time.
This
> is complicated by the fact that most of the thousands of processes running
> are MFCOBOL (rts32) and consume all of the cpu cycles in system with
> fidslock (we are working this with Compaq, but that is a different issue)
> thus causing the login process to take, on average, 3 minutes with this
type
> of login checking at peak periods during the day.
>
> Question: Is there a different solution anybody has successfully tried to
> limit the number of active sessions a user is allowed without resorting to
> running a "who/grep" combination for the user from within the
/etc/profile?
Received on Fri Nov 09 2001 - 15:48:26 NZDT