Sunday, November 14, 2010

Login restriction/Limitation based on time schedue

This is how to limit a user (in this case, his name is "Joko") to access computer during weekdays and weekends at certain time duration.

  1. Edit file
    /etc/pam.d/common-account
    and add a line "account required pam_time.so"
  2. Edit file
    /etc/security/time.conf
    and add the following lines to the end of file.

#services  ttys users   times
#
# allow Joko to use computer during weekdays 3 pm-8:30pm OR weekends 9:00am - 9:00pm
* ; * ; joko; Wk1500-2030 | Wk0900-2100

This will not allow joko to login during weekdays before 3 pm or after 8:30 pm or weekends outside 9 am - 9 pm. To disallow certain service, replace '*' in the first entry with a PAM service name (e.g, login, etc.). Files in /etc/pam.d reflect the service names.

On my computer, the following files are the service names can be used:

-rw-r--r-- 1 root root 217 2010-07-05 04:57 atd
-rw-r--r-- 1 root root 167 2010-07-05 06:44 chage
-rw-r--r-- 1 root root 218 2010-07-05 06:44 chfn
-rw-r--r-- 1 root root 218 2010-07-05 06:44 chsh
lrwxrwxrwx 1 root root  17 2010-09-13 10:39 common-account -> common-account-pc
-rw-r--r-- 1 root root 378 2010-07-05 05:15 common-account.pam-config-backup
-rw-r--r-- 1 root root 446 2010-11-14 09:01 common-account-pc
lrwxrwxrwx 1 root root  14 2010-09-13 10:39 common-auth -> common-auth-pc
-rw-r--r-- 1 root root 448 2010-07-05 05:15 common-auth.pam-config-backup
-rw-r--r-- 1 root root 557 2010-11-14 09:01 common-auth-pc
lrwxrwxrwx 1 root root  18 2010-09-13 10:39 common-password -> common-password-pc
-rw-r--r-- 1 root root 855 2010-07-05 05:15 common-password.pam-config-backup
-rw-r--r-- 1 root root 506 2010-11-14 09:01 common-password-pc
lrwxrwxrwx 1 root root  17 2010-09-13 10:39 common-session -> common-session-pc
-rw-r--r-- 1 root root 435 2010-07-05 05:15 common-session.pam-config-backup
-rw-r--r-- 1 root root 573 2010-11-14 09:01 common-session-pc
-rw-r--r-- 1 root root 287 2010-07-05 04:56 crond
-rw-r--r-- 1 root root  56 2010-09-15 13:49 cups
-rw-r--r-- 1 root root 204 2010-07-05 16:24 gdm
-rw-r--r-- 1 root root 206 2010-07-05 16:24 gdm-autologin
-rw-r--r-- 1 root root 239 2010-07-05 08:06 gnomesu-pam
-rw-r--r-- 1 root root 216 2010-07-28 09:45 init
-rw-r--r-- 1 root root 419 2010-07-05 22:36 login
-rw-r--r-- 1 root root 251 2010-07-05 05:15 other
-rw-r--r-- 1 root root 133 2010-07-05 06:44 passwd
-rw-r--r-- 1 root root 165 2010-07-05 06:18 polkit
-rw-r--r-- 1 root root 165 2010-07-05 07:10 polkit-1
-rw-r--r-- 1 root root 173 2010-07-05 14:34 ppp
-rw-r--r-- 1 root root 481 2010-07-05 05:32 remote
-rw-r--r-- 1 root root 165 2010-09-15 14:14 samba
-rw-r--r-- 1 root root 209 2010-07-05 06:44 shadow
-rw-r--r-- 1 root root 165 2010-09-14 07:07 smtp
-rw-r--r-- 1 root root 268 2010-07-05 14:41 sshd
-rw-r--r-- 1 root root 239 2010-07-05 05:00 su
-rw-r--r-- 1 root root 203 2010-09-07 06:01 sudo
-rw-r--r-- 1 root root 239 2010-07-05 05:00 su-l
-rw-r--r-- 1 root root 172 2010-07-05 06:44 useradd
-rw-r--r-- 1 root root 569 2010-07-05 05:58 vsftpd
-rw-r--r-- 1 root root 241 2010-07-29 04:36 wxconsole
-rw-r--r-- 1 root root 204 2008-09-03 08:45 xdm
-rw-r--r-- 1 root root 166 2008-09-03 08:45 xdm-np
-rw-r--r-- 1 root root 265 2010-08-23 16:44 xen-api

A good solution to limit use of computer from kids during school days!

No comments:

Post a Comment