LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
LinkBack Search this Thread
Old 10-15-2001, 02:25 AM   #1
JustinHoMi
Member
 
Registered: Apr 2001
Location: Raleigh, NC
Distribution: CentOS
Posts: 154

Rep: Reputation: 30
set daily time limit for being logged into machine?


I've been looking for a way to have some control over how long and when users can be logged into my linux box. I need to be able to set daily limits (for instance, susan can only be logged in for 3 hours/day) and preferably time limits to (susan can only login b/n 7am and 11pm).

Is there a good way to do this? It's hard to know exactly what to search for when looking.

Thanks,
Justin
 
Old 10-15-2001, 12:58 PM   #2
d3funct
Member
 
Registered: Jun 2001
Location: Centralia, WA
Posts: 274

Rep: Reputation: 31
Look at the manpage for pam.conf (man pam.conf) there is a module called pam_time.so that will help you do this. See /usr/share/doc/pam-0.74 (or whatever your version # is)/txts/README.pam_time for some explanation.


This is an excerpt from /usr/share/doc/pam-0.74/html/pam-6.html#ss6.23
which should also be on your machine.

Overview of module


Running a well regulated system occasionally involves restricting access to certain services in a selective manner. This module offers some time control for access to services offered by a system. Its actions are determined with a configuration file. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request.

Description:

This module bases its actions on the rules listed in its configuration file: /etc/security/pam.conf. Each rule has the following form,
services;ttys;users;times In words, each rule occupies a line, terminated with a newline or the beginning of a comment; a `#'. It contains four fields separated with semicolons, `;'. The fields are as follows:

services - a logic list of service names that are affected by this rule.
ttys - a logic list of terminal names indicating those terminals covered by the rule.
user - a logic list of usernames to which this rule applies

By a logic list we mean a sequence of tokens (associated with the appropriate PAM_ item), containing no more than one wildcard character; `*', and optionally prefixed with a negation operator; `!'. Such a sequence is concatenated with one of two logical operators: & (logical AND) and | (logical OR). Two examples are: !morgan&!root, indicating that this rule does not apply to the user morgan nor to root; and tty*&!ttyp*, which indicates that the rule applies only to console terminals but not pseudoterminals.

times - a logic list of times at which this rule applies. The format of each element is a day/time-range. The days are specified by a sequence of two character entries. For example, MoTuSa, indicates Monday Tuesday and Saturday. Note that repeated days are unset; MoTuMo indicates Tuesday, and MoWk means all weekdays bar Monday. The two character combinations accepted are,

Mo Tu We Th Fr Sa Su Wk Wd Al
The last two of these being weekend days and all 7 days of the week respectively.

The time range part is a pair of 24-hour times, HHMM, separated by a hyphen -- indicating the start and finish time for the rule. If the finsish time is smaller than the start time, it is assumed to apply on the following day. For an example, Mo1800-0300 indicates that the permitted times are Monday night from 6pm to 3am the following morning.

Note, that the given time restriction is only applied when the first three fields are satisfied by a user's application for service.

For convenience and readability a rule can be extended beyond a single line with a `\newline'.

Examples/suggested usage:

The use of this module is initiated with an entry in the Linux-PAM configuration file of the following type:

#
# apply pam_time accounting to login requests
#
login account required pam_time.so
where, here we are applying the module to the login application.

Some examples of rules that can be placed in the /etc/security/time.conf configuration file are the following:

login ; tty* & ; !ttyp* ; !root ; !Al0000-2400

all users except for root are denied access to console-login at all times.

games ; * ; !waster ; Wd0000-2400 | Wk1800-0800

games (configured to use Linux-PAM) are only to be accessed out of working hours. This rule does not apply to the user waster.

Note, currently there is no daemon enforcing the end of a session. This needs to be remedied.

Poorly formatted rules are logged as errors using syslog(3).


Hope this helps
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
running X applications on remote machine when logged in via ssh servnov Linux - General 1 08-15-2005 08:53 PM
cron.daily runs at the wrong time dwz3591 Linux - Software 2 10-27-2004 09:46 AM
Palm set to automatically sync daily? sohmc Linux - Laptop and Netbook 3 08-31-2004 11:53 AM
Someone logged into my machine? nuzzy Linux - Security 6 05-24-2003 05:11 PM
set time limit on allowed user in iptables? luap Linux - Networking 5 03-04-2003 10:55 PM


All times are GMT -5. The time now is 11:41 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration