LinuxQuestions.org
01-14-2010, 01:56 AM   #1
kingston
Member
Registered: Mar 2008
Location: Bengaluru, India
Distribution: RHEL 5.5, Solaris 5.10
pam time restrictions not working !!?


Hi all,
I don't want to allow the user winny on Saturdays and Sundays. I added the following line to the /etc/security/time.conf file.

login;*;winny;!SaSu0000-2400

Then I added the following line to the /etc/pam.d/login file.

account required pam_time.so

This is the first line of that login file. But if I try to log in with the username winny, it allows me to log in. Does anything have to be changed? I need your help, guys.
 
01-14-2010, 02:19 AM   #2
Tinkster
Moderator
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Not if it's not the weekend. You told PAM to block winny for 48 hours of
the weekend, which is a day away (for me, anyway; your mileage may vary).
 
01-14-2010, 04:14 AM   #3
kingston
Original Poster
That's just an example, yaar... OK, take it...
login;*;winny;!Al0000-2400

Even if I add the above line, it is not working... What do you say now?
 
01-19-2010, 06:02 AM   #4
kingston
Original Poster
how to block users for particular days?

Hi all,
I don't want to allow the user winny on Saturdays and Sundays. Can someone tell me how to implement this on RHEL 5?

Thanks in advance.
 
01-19-2010, 06:23 AM   #5
linuxlover.chaitanya
Senior Member
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Are you talking about denying in squid?
 
01-19-2010, 06:45 PM   #6
chrism01
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
For logins etc., try pam_time: http://www.kernel.org/pub/linux/libs...-pam_time.html
 
01-20-2010, 01:33 AM   #7
kingston
Original Poster
Hi chrism01,
I have added the following line to the /etc/security/time.conf file:
login;*;winston;!We0000-2400
Then I added an entry in the /etc/pam.d/login file, i.e.

account required pam_time.so

Now when I log in locally through the command-line interface, it denies me. But through the GUI it allows me to log in as winston. If I do rlogin or ssh from other clients, that also works. I want to restrict that user in every way. How can I do this?
 
01-20-2010, 01:42 AM   #8
chrism01
If you look in /etc/pam.d there's probably (should be) an sshd file to edit as well.
Not sure about X-win, but there should be a relevant file in there.
You'll also have to make sure that user is completely logged out. iirc, the GUI clones the first login and just copies it, so it might not notice the change.
Don't have a Linux system here with X-win to check.
 
01-20-2010, 01:55 AM   #9
kirukan
Senior Member
Registered: Jun 2008
Location: Eelam
Distribution: Redhat, Solaris, Suse
Refer to the following:
http://tuxradar.com/answers/283
 
01-20-2010, 02:06 AM   #10
kingston
Original Poster
Sorry chrism01... it doesn't work... Here is the content of the pam.d/sshd file (I've added the line "account required pam_time.so"):

#%PAM-1.0
account required pam_time.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so

Rebooted the machine one time. Then I tried to log in through ssh from one of my clients. It allows it.
Sssssssshhhhhhhhh.... what to do?
 
01-20-2010, 02:29 AM   #11
forrestt
Senior Member
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Add the following to root crontab file:

Code:
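# Fields: minute hour day-of-month month day-of-week command
# 00:00 on Sunday (0) and Saturday (6): lock the password, end running sessions
0 0 * * 0,6 passwd -l winny
0 0 * * 0,6 killall -u winny
# 23:59 on Sunday: unlock the password again
59 23 * * 0 passwd -u winny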
May not be the prettiest way to do it, but it should work.

HTH

Forrest
 
01-20-2010, 05:59 AM   #12
kingston
Original Poster
I blocked rlogin and ssh by making entries in the /etc/security/time.conf file.
The entries are
login;*;winny;!We0000-2400
sshd;*;winny;!We0000-2400
rlogin;*;winny;!We0000-2400
and also in the /etc/pam.d/sshd and rlogin files. Everything works fine except the local GUI. In the GUI it allows me to log in. I think the crontab will do for the GUI.

Let me try !!

Thanks for the help gurus....
 
01-20-2010, 06:45 PM   #13
chrism01
I'd ask RH, assuming that's a registered system. I'd like to know the (proper) solution myself.
 
01-21-2010, 12:29 AM   #14
kingston
Original Poster
That would be great... I will wait for that... I am happy that I have asked a good question, and with your approach to finding the answer..
 
01-21-2010, 01:11 AM   #15
Tinkster
What happens when you replace 'login' with 'system-auth' or '*'?
Untested - my slack machine doesn't use PAM at this stage.


Cheers,
Tink


P.S.: I merged your two threads.

Last edited by Tinkster; 01-21-2010 at 01:13 AM.
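
An added example (not written by any poster in this thread, and not pam_time's own code): a simplified Python model of how time.conf rules are applied, showing why a rule whose first field is `login` leaves sshd and the graphical login unrestricted while `*` covers every PAM service. It handles only `|` lists, `!`, one `*` wildcard and same-day time ranges; the `gdm` service name, the `tty1` terminal and the sample date are assumptions.

```python
from datetime import datetime

DAYS = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]   # index = datetime.weekday()
GROUPS = {"Wk": DAYS[:5], "Wd": DAYS[5:], "Al": DAYS}

def glob_match(pattern, value):
    """Literal match, or a pattern containing one '*' wildcard."""
    if "*" not in pattern:
        return pattern == value
    head, tail = pattern.split("*", 1)
    return len(value) >= len(head) + len(tail) and value.startswith(head) and value.endswith(tail)

def in_time(spec, when):
    """spec such as 'SaSu0000-2400'; naming a day twice toggles it off again."""
    days, i = set(), 0
    while spec[i].isalpha():
        code = spec[i:i + 2]
        days ^= set(GROUPS.get(code, [code]))
        i += 2
    start, end = (int(x) for x in spec[i:].split("-"))
    now = when.hour * 100 + when.minute
    return DAYS[when.weekday()] in days and start <= now < end

def field_ok(field, test):
    """True if any '|' alternative holds; a leading '!' inverts one alternative."""
    for token in field.replace(" ", "").split("|"):
        if test(token.lstrip("!")) != token.startswith("!"):
            return True
    return False

def allowed(rules, service, tty, user, when):
    """Deny if a rule matching service, tty and user has a false times field; other rules are skipped."""
    for line in rules:
        svc, ttys, users, times = line.split(";")
        applies = (field_ok(svc, lambda p: glob_match(p, service))
                   and field_ok(ttys, lambda p: glob_match(p, tty))
                   and field_ok(users, lambda p: glob_match(p, user)))
        if applies and not field_ok(times, lambda s: in_time(s, when)):
            return False
    return True

WEDNESDAY = datetime(2010, 1, 20, 12, 0)            # constructed test time (a Wednesday)
LOGIN_ONLY = ["login;*;winny;!We0000-2400"]
PER_SERVICE = LOGIN_ONLY + ["sshd;*;winny;!We0000-2400", "rlogin;*;winny;!We0000-2400"]
ANY_SERVICE = ["*;*;winny;!We0000-2400"]

def decisions(rules, when=WEDNESDAY):
    # "gdm" is an assumed PAM service name for the graphical login
    return {s: allowed(rules, s, "tty1", "winny", when) for s in ("login", "sshd", "gdm")}
```

The first field is compared with the PAM service name, that is, the name of the file under /etc/pam.d whose stack calls pam_time.so, so each login path needs both the `account required pam_time.so` line in its own file and a time.conf rule that matches it.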