[QCLUG] Kid timer

Steve Langasek vorlon@dodds.net
Thu, 13 Jul 2006 13:30:23 -0700 

---------------------- multipart/signed attachment
On Thu, Jul 13, 2006 at 03:11:09PM -0500, Jim Hall wrote:
> Now that my gmail account works on the list, I have a project for our
> programmers. I mentioned this at the meeting and it was deemed worthy of
> discussion. Since we have had little traffic lately, I thought I'd post t=
he
> entire thread from a low level help forum (no programmers). Some useful
> hints did come up, but I need help. Can anyone get me started?

> BTW, research and conversations indicate that I should use anacron because
> the computer won't be on all the time.

Assuming this first message in the thread is your description of your
problem space,

> Jim
> *************************************

> Friends need a system wide timer to put brakes on kid usage. At 10:55 p.m=
=2E a
> broadcast notice should pop up for any active user. At 11:00 p.m. the sys=
tem
> does a "shutdown -h now" no matter what. No logins will be allowed until
> 10:00 a.m. the next morning (excepting root and the admin user). Of cours=
e,
> school times will be different, so the script (or whatever) needs to be
> editable.

> I'm not too good at creating this kind of thing; Mom has steam coming out=
 of
> her ears, so I'm under the gun to prove that Linux can do something really
> useful for her.

> Any suggestions gratefully received.

=2E.. then you don't want anacron.  The whole point of anacron is to be able
to ensure that jobs are run for the system even if the system was off at the
time they were scheduled to run -- I don't think you want to find when you
turn the system on at 11am that it's running the 'shutdown' job that it
missed from the night before...

No, what you want is plain old cron.

Edit /etc/crontab and add the line:

 55 22 * * * root shutdown -h +5 'No computer past 11'

This tells cron to run the shutdown command at 22:55 every day, where the
shutdown command in question specifies to shut down in 5 minutes and
indicates a message to send to all logged-in users.

The /etc/crontab file is root-only, so not breakable by anyone without root
access.

As for disallowing logins before 11am, there is a config file
/etc/security/time.conf which drives the pam_time module, used to specify
time-based limits on user access to services (e.g., "login").  Depending on
the distro's setup, you may already have pam_time enabled by default under
/etc/pam.d/; more likely, you will need to set it up yourself.  As editing
PAM configs is not for the faint of heart (it's generally a great way to
lock yourself out of the system), you would need to forward the contents of
your /etc/pam.d/login and /etc/pam.d/kdm files for me to make a
recommendation.

The actual configuration of /etc/security/time.conf is fairly
straightforward, though, and basically consists of adding the lines:

 *;*;root|admin;Al0000-2400
 login|kdm;*;*;!Al2300-2400&!Al0000-1100

to the file.  (Completely untested, btw; I haven't used pam_time in...
uhm... 8 years or so, so you'll want to keep a root login open and test this
out once it's set up...)

--=20
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

---------------------- multipart/signed attachment
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://qclug.org/pipermail/qclug/attachments/bf2330da/attachment.bin

---------------------- multipart/signed attachment--