Stopping users logging in via X
Stuart Sears
stuart at sjsears.com
Wed Sep 29 13:54:51 UTC 2004
On Wednesday 29 Sep 2004 12:27, Alexander Dalloz wrote:
> Am Mi, den 29.09.2004 schrieb PFJ um 10:18:
> > I'm trying to write a cron job which logs users out at (say) 10pm and
> > then locks all logins via the normal X login service until 3pm the next
> > day.
> >
> > It's not a problem logging people out (just restart X), but I don't know
> > what services I need to kill to stop users logging in via the normal
> > gnome login. I don't want to stop all logins as I still need to update
> > the box remotely (using ssh).
This is what PAM is for:
graphical logins are configured in /etc/pam.d/gdm
# -- /etc/pam.d/gdm
<snip auth stuff>
account required pam_stack.so service=system-auth
account required pam_time.so <-- add this line
# the above line requires you to pass pam_time tests
<snip password and session stuff>
# -- end /etc/pam.d/gdm
then edit /etc/security/time.conf to add the line (or something like it)
# explanations:
# services; consoles; users; time periods - ! = not, & = and, | = or
gdm ; * ; !root ; !Al2200-0300
ie: (pam service) gdm on _all_ [the *] consoles for all users _except_ [the !]
root is available _except_ [!] between 10pm and 3am every day [the Al]
test this properly first!!!! and RTFM in case I have made a typo.
the time.conf file has a copy of its docs in it but you can find the longer
versions at /usr/share/doc/pam-0.77/
BE CAREFUL WITH PAM!!!
if you scr*w up you can always reboot into single user mode.
However I recommend keeping a text-console ie tty1-6 open with root logged in
while you edit pam configs in a diffent terminal. Pam settings will have
immediate effect...
disclaimer: this is intended togive you ideas and to spur further research.
messing pam up can seriously mess up your chances of logging in again.
HTH
Stuart
--
Stuart Sears RHCE, RHCX
Quidquid latine dictum sit, altum viditur
More information about the fedora-list
mailing list