Re: how to restrict user logons
On Mon, Aug 28, 2000 at 09:54:21AM +0200, Andrea Glorioso wrote: > > It would be a nightmare of races. Why not just use an already proven > - albeit not security perfect and sometimes a bit elaborate, but hey, > that's software :) - solution like PAM? That was my first inclination, but (perhaps incorrectly) assumed that there was some reason that the OA didn't want to go that route. Every now and then, I get the overwhelming compulsion to put one or both feet into my mouth... -- Art Sackett
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 01:28:13AM -0600, Art Sackett wrote: > Just a thought, might not even work: howzabout defining the user's shell > (in /etc/passwd) to be a symlink, say, /bin/timelock, then just wiggling > the symlink twice per day via cron to target either /bin/false or > /bin/bash, as appropriate? It would be a nightmare of races. Why not just use an already proven - albeit not security perfect and sometimes a bit elaborate, but hey, that's software :) - solution like PAM? Bye, -- Andrea Glorioso sama(at)aglorioso(dot)com Padua, Italy
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 03:02:24PM +0800, Erik Peter P. Abella wrote: > I intend to toggle the user > shell (/bin/false - /bin/nologin) via the crontab but am still gun-shy > on > writing a shell script. Just a thought, might not even work: howzabout defining the user's shell (in /etc/passwd) to be a symlink, say, /bin/timelock, then just wiggling the symlink twice per day via cron to target either /bin/false or /bin/bash, as appropriate? -- Art Sackett
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 03:02:24PM +0800, Erik Peter P. Abella wrote: > I need to be able to restrict some users from logging-on from 8am-11pm > daily (a new discounted subscription plan) and I could use some > suggestions on how to best deal with this. I intend to toggle the user > shell (/bin/false - /bin/nologin) via the crontab but am still gun-shy > on writing a shell script. Look at the section in /etc/pam.d/login that says: # account requisite pam_time.so Uncomment it and then modify /etc/secuirty/time.conf as necessary. I think this is the Right Way (tm) to do it. Hope this helps, Luca -- Luca Filipozzi [dpkg] We are the apt. Resistance is futile. You will be packaged.
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 03:02:24PM +0800, Erik Peter P. Abella wrote: > Hello All, > > I need to be able to restrict some users from logging-on from 8am-11pm > daily (a new discounted subscription plan) and I could use some > suggestions on how to best deal with this. I intend to toggle the user > shell (/bin/false - /bin/nologin) via the crontab but am still gun-shy > on > writing a shell script. No need for it, you'd be much better with pam_time and /etc/security/time.conf Bye, -- Andrea Glorioso sama(at)aglorioso(dot)com Padua, Italy
how to restrict user logons
Hello All, I need to be able to restrict some users from logging-on from 8am-11pm daily (a new discounted subscription plan) and I could use some suggestions on how to best deal with this. I intend to toggle the user shell (/bin/false - /bin/nologin) via the crontab but am still gun-shy on writing a shell script. Thanks in advance, Erik
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 09:54:21AM +0200, Andrea Glorioso wrote: > > It would be a nightmare of races. Why not just use an already proven > - albeit not security perfect and sometimes a bit elaborate, but hey, > that's software :) - solution like PAM? That was my first inclination, but (perhaps incorrectly) assumed that there was some reason that the OA didn't want to go that route. Every now and then, I get the overwhelming compulsion to put one or both feet into my mouth... -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 01:28:13AM -0600, Art Sackett wrote: > Just a thought, might not even work: howzabout defining the user's shell > (in /etc/passwd) to be a symlink, say, /bin/timelock, then just wiggling > the symlink twice per day via cron to target either /bin/false or > /bin/bash, as appropriate? It would be a nightmare of races. Why not just use an already proven - albeit not security perfect and sometimes a bit elaborate, but hey, that's software :) - solution like PAM? Bye, -- Andrea Glorioso sama(at)aglorioso(dot)com Padua, Italy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 03:02:24PM +0800, Erik Peter P. Abella wrote: > I intend to toggle the user > shell (/bin/false - /bin/nologin) via the crontab but am still gun-shy > on > writing a shell script. Just a thought, might not even work: howzabout defining the user's shell (in /etc/passwd) to be a symlink, say, /bin/timelock, then just wiggling the symlink twice per day via cron to target either /bin/false or /bin/bash, as appropriate? -- Art Sackett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 03:02:24PM +0800, Erik Peter P. Abella wrote: > I need to be able to restrict some users from logging-on from 8am-11pm > daily (a new discounted subscription plan) and I could use some > suggestions on how to best deal with this. I intend to toggle the user > shell (/bin/false - /bin/nologin) via the crontab but am still gun-shy > on writing a shell script. Look at the section in /etc/pam.d/login that says: # account requisite pam_time.so Uncomment it and then modify /etc/secuirty/time.conf as necessary. I think this is the Right Way (tm) to do it. Hope this helps, Luca -- Luca Filipozzi [dpkg] We are the apt. Resistance is futile. You will be packaged. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to restrict user logons
On Mon, Aug 28, 2000 at 03:02:24PM +0800, Erik Peter P. Abella wrote: > Hello All, > > I need to be able to restrict some users from logging-on from 8am-11pm > daily (a new discounted subscription plan) and I could use some > suggestions on how to best deal with this. I intend to toggle the user > shell (/bin/false - /bin/nologin) via the crontab but am still gun-shy > on > writing a shell script. No need for it, you'd be much better with pam_time and /etc/security/time.conf Bye, -- Andrea Glorioso sama(at)aglorioso(dot)com Padua, Italy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
how to restrict user logons
Hello All, I need to be able to restrict some users from logging-on from 8am-11pm daily (a new discounted subscription plan) and I could use some suggestions on how to best deal with this. I intend to toggle the user shell (/bin/false - /bin/nologin) via the crontab but am still gun-shy on writing a shell script. Thanks in advance, Erik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]