[QCLUG] Re: Kid timer

Leif Theden leif.theden@gmail.com
Mon, 7 Aug 2006 09:04:20 -0500 

is this where you are at now?
the computer shuts down, but there is no message
the kids are locked out, but you cant unlock them


On 8/1/06, Jim Hall <volunteer.jim@gmail.com> wrote:
> Results of my laughable attempts to make this work.
>
> I've got shutdown. Don't need to worry about the message right now. I've
> tried the following, experimenting. I've even tried Steve's time script
> entry. The only way I've been able to lockout the kids login is a direct
> entry of 'usermod -L <user>' in crontab. This becomes permanent. I have to
> go to console and use 'usermod -U <user>' on each account   I've included
> the contents of all the relavent files. I feel that I must be close, but
> can't figure out what's missing. I hope you can come up with the "what"
> because I obviously don't know what I'm doing.
>
> Jim
> ********************************************
>
> # /etc/crontab: system-wide crontab
> # Unlike any other crontab you don't have to run the `crontab'
> # command to install the new version when you edit this file.
> # This file also has a username field, that none of the other crontabs do.
>
> SHELL=/bin/sh
> PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
>
> # m h dom mon dow user    command
> 17 *    * * *    root    run-parts --report /etc/cron.hourly
> 25 4    * * *    root    test -x /usr/sbin/anacron || run-parts --report
> /etc/cron.daily
> 47 4    * * 7    root    test -x /usr/sbin/anacron || run-parts --report
> /etc/cron.weekly
> 52 4    1 * *    root    test -x /usr/sbin/anacron || run-parts --report
> /etc/cron.monthly
> #
> 50 21    * * *    root    /sbin/shutdown -h +10
> 59 21    * * *    root    /usr/sbin/kid-timer_lockout
> 00 10    * * *    root    /usr/sbin/kid-timer_login
>
> #
> ****************************
>
> Contents of '/usr/sbin/Kid-timer_lockout'
> /bin/sh
> # This should lockout specific user accounts after nightly shutdown.
> #
> /usr/sbin/usermod -L megan
> /usr/sbin/usermod -L anna
> /usr/sbin/usermod -L thomas
> *****************************
>
> Contents of '/usr/sbin/Kid-timer_login'
> /bin/sh
> # This should allow login for specific user accounts the
> #morning after nightly shutdown.
> #
> if (time > 10.00 and time < 21.59) {
> /usr/sbin/usermod -U megan
> }
> if (time > 10.00 and time < 21.59) {
> /usr/sbin/usermod -U anna
> }
> if (time > 10.00 and time < 21.59) {
> /usr/sbin/usermod -U thomas
> }
> ******************************
>
> Contents of /etc/security/time.conf
> # this is an example configuration file for the pam_time module. Its syntax
> # was initially based heavily on that of the shadow package (shadow-960129).
> #
> # the syntax of the lines is as follows:
> #
> #       services;ttys;users;times
> #
> # white space is ignored and lines maybe extended with '\\n' (escaped
> # newlines). As should be clear from reading these comments,
> # text following a '#' is ignored to the end of the line.
> #
> # the combination of individual users/terminals etc is a logic list
> # namely individual tokens that are optionally prefixed with '!' (logical
> # not) and separated with '&' (logical and) and '|' (logical or).
> #
> # services
> #    is a logic list of PAM service names that the rule applies to.
> #
> # ttys
> #    is a logic list of terminal names that this rule applies to.
> #
> # users
> #    is a logic list of users to whom this rule applies.
> #
> # NB. For these items the simple wildcard '*' may be used only once.
> #
> # times
> #    the format here is a logic list of day/time-range
> #    entries the days are specified by a sequence of two character
> #    entries, MoTuSa for example is Monday Tuesday and Saturday. Note
> #    that repeated days are unset MoMo = no day, and MoWk = all weekdays
> #    bar Monday. The two character combinations accepted are
> #
> #        Mo Tu We Th Fr Sa Su Wk Wd Al
> #
> #    the last two being week-end days and all 7 days of the week
> #    respectively. As a final example, AlFr means all days except Friday.
> #
> #    each day/time-range can be prefixed with a '!' to indicate "anything
> #    but"
> #
> #    The time-range part is two 24-hour times HHMM separated by a hyphen
> #    indicating the start and finish time (if the finish time is smaller
> #    than the start time it is deemed to apply on the following day).
> #
> # for a rule to be active, ALL of service+ttys+users must be satisfied
> # by the applying process.
> #
>
> #
> # Here is a simple example: running blank on tty* (any ttyXXX device),
> # the users 'you' and 'me' are denied service all of the time
> #
>
> #blank;tty* & !ttyp*;you|me;!Al0000-2400
>
> # Another silly example, user 'root' is denied xsh access
> # from pseudo terminals at the weekend and on mondays.
>
> #xsh;ttyp*;root;!WdMo0000-2400
>
> #
> # End of example file.
>
> # ##### Kid-timer lockout & login (starting sample lines first)
> # *;*;root|admin;Al0000-2400
> # login|kdm;*;*;!Al2300-2400&!Al0000-1100
>
> #login|kdm;megan|anna|thomas;!Al2300-2400&!Al0000-1000
>
>