Hello all. First, the environment:

6 login nodes (blades) running CentOS 5 (no choice)

These login nodes are automatically load balanced so users may not necessarily get the same blade the next time they login. I, like my co-worker, adopted this dysfunctional kid and we're left to pick up the pieces from the last sysadmin (I use that term loosely). They run X and users use them as a jumping off point to other dev nodes within the environment that are also blades running newer hardware and OS versions.

From time to time, our users will kickoff NX, Firefox, nedit and other X-affiliated programs, then leave and, from what I gather, completely forget about their sessions. They like the fact that NX remembers their session so they can come back to it later, but the byproduct is that our login nodes suffer from CPU & memory usage and, at times (once every few weeks), we're forced to reboot a particular blade as it locked up.

I'm aware of /etc/security/limits.conf and the /etc/profile.d/<config> for timeout system-wide. Each user has their own shell preference, e.g. /bin/bash, /bin/ksh, /bin/tcsh, etc. and I'm aware of the fact that I can set timeouts per user using that shell's syntax as a dot file.

It seems that users are abusing the ability to use X-related programs without giving much thought to repercussions from leaving them open. We'll do a w and find that some have been logged in for more than a month.

For you sysadmins out there that might be facing a similar situation, how are you handling this and what would you recommend? I'm tempted to hold a meeting with them, at first, to try and dissuade abuse of the environment by educating them, but I feel like it will most likely go in one ear and out the other and will eventually be forced to exercise more intrusive means to keep resource usage to a reasonable level anyway.

Generally speaking users aren't on line for more than their work shift. On occasion they MAY have a need to let a job run.

When I see a system that is resource constrained I just start killing off user sessions starting with the oldest. I MIGHT not kill off sessions started in the current week but only if killing off even older ones frees up resources.

You could probably do a cron job to kill off any sessions older than a week. Make sure you do the appropriate kill (e.g. kill with no flag is kill -15 which should be tried first, kill -1 is best to kill shell sessions for some reason, kill -9 should be used as a last resort as it does NOT do any cleanup so might not help alleviate resource consumption.

I seldom discuss killing off old sessions with users as they always have some bizarre reason why I shouldn't. Doing it without telling them seldom gets any questions. If it happens to be a session they were using they see it die and restart it. Often enough I find the sessions were simply left there because the user turned off their workstation rather than logging out so they don't even know they're still running and fire up new ones each day.