Sign in with
Sign up | Sign in
Your question

Time restricted internet access

Last response: in Linux/Free BSD
Share
February 4, 2012 2:58:51 AM

I feel kinda stupid asking, but how exactly do I use PAM_TIME? Do I need to activate the service or edit some other file? I can only find really outdated guides on the internet.

OS: Scientific Linux

I went:

su
cd /etc/security/
sudo nano -w time.conf

added:

http ; *; !user; !Al0900-2100

Tried to follow

http://www.techrepublic.com/blog/security/restrict-user...

I want the user not to be able to access the internet via http before 9am and after 9pm. If there is any easy solution... been stumped for ages...

For reference, here is the time.conf default file

  1. # this is an example configuration file for the pam_time module. Its syntax
  2. # was initially based heavily on that of the shadow package (shadow-960129).
  3. #
  4. # the syntax of the lines is as follows:
  5. #
  6. # services;ttys;users;times
  7. #
  8. # white space is ignored and lines maybe extended with '\\n' (escaped
  9. # newlines). As should be clear from reading these comments,
  10. # text following a '#' is ignored to the end of the line.
  11. #
  12. # the combination of individual users/terminals etc is a logic list
  13. # namely individual tokens that are optionally prefixed with '!' (logical
  14. # not) and separated with '&' (logical and) and '|' (logical or).
  15. #
  16. # services
  17. # is a logic list of PAM service names that the rule applies to.
  18. #
  19. # ttys
  20. # is a logic list of terminal names that this rule applies to.
  21. #
  22. # users
  23. # is a logic list of users or a netgroup of users to whom this
  24. # rule applies.
  25. #
  26. # NB. For these items the simple wildcard '*' may be used only once.
  27. # times
  28. # the format here is a logic list of day/time-range
  29. # entries the days are specified by a sequence of two character
  30. # entries, MoTuSa for example is Monday Tuesday and Saturday. Note
  31. # that repeated days are unset MoMo = no day, and MoWk = all weekdays
  32. # bar Monday. The two character combinations accepted are
  33. #
  34. # Mo Tu We Th Fr Sa Su Wk Wd Al
  35. #
  36. # the last two being week-end days and all 7 days of the week
  37. # respectively. As a final example, AlFr means all days except Friday.
  38. #
  39. # each day/time-range can be prefixed with a '!' to indicate "anything
  40. # but"
  41. #
  42. # The time-range part is two 24-hour times HHMM separated by a hyphen
  43. # indicating the start and finish time (if the finish time is smaller
  44. # than the start time it is deemed to apply on the following day).
  45. #
  46. # for a rule to be active, ALL of service+ttys+users must be satisfied
  47. # by the applying process.
  48. #
  49.  
  50. #
  51. # Here is a simple example: running blank on tty* (any ttyXXX device),
  52. # the users 'you' and 'me' are denied service all of the time
  53. #
  54.  
  55. #blank;tty* & !ttyp*;you|me;!Al0000-2400
  56.  
  57. # Another silly example, user 'root' is denied xsh access
  58. # from pseudo terminals at the weekend and on mondays.
  59.  
  60. #xsh;ttyp*;root;!WdMo0000-2400
  61.  
  62. #
  63. # End of example file.

February 4, 2012 4:41:50 AM

I really need help, I tried what the guide afformented said. Nothing really happened and nothing was blocked.
Related resources
February 4, 2012 3:48:34 PM

do not know about specifics behind PAM (the man pages were less than helpful), but as a side solution many routers (ddwrt and tomato for sure) provide this ability with a nice gui :) 

February 6, 2012 4:24:12 AM

skittle said:
do not know about specifics behind PAM (the man pages were less than helpful), but as a side solution many routers (ddwrt and tomato for sure) provide this ability with a nice gui :) 

^This.

You can also target particular machines for these access restrictions.

Did you simply want to control Internet use or complete computer use? (if it's complete computer access, there's a script that's called timekpr that seems to do what you want)
February 6, 2012 8:46:04 AM

Last release 2009 :/ 
February 8, 2012 3:13:45 AM

amdfangirl said:
Last release 2009 :/ 

Like a fine wine :) 

Spoiler
but seriously tho, that is kinda meh, although what it's using under the hood is pretty much standard and hasn't changed in quite some time, I'm willing to bet that it would work on some other UNIX's
February 8, 2012 5:18:42 AM

I'll give it a go then eh?
February 9, 2012 4:33:59 AM

It'll take a little tweaking and cajoling to get it installed properly, but it does seem like just what the doctor ordered. I would just keep the original archive around since, if the reason should arise, you may have to refer to the contents installed to do a manual un-installation.

...ooor, you could try using something like alien or, even better yet, how to create your own RPMs. Perhaps fund an unofficial RPM repo, talk to them, try to get them to carry it, etc.
!