Re: restricting login times

To: debian-user@lists.debian.org
Subject: Re: restricting login times
From: Joel Rees <joel.rees@gmail.com>
Date: Mon, 25 Mar 2013 17:00:23 +0900
Message-id: <[🔎] CAAr43iMSLoE3k-zWFJuSMSXHejrhOce7m37x_dAVYut9v2sTQg@mail.gmail.com>
In-reply-to: <[🔎] 20130325061123.GA10087@hysteria.proulx.com>
References: <[🔎] CAAr43iMP=WzN_sCh-LPdX-e=KzxJqcYru38sx++hUcdPHAAJcA@mail.gmail.com> <[🔎] 20130325061123.GA10087@hysteria.proulx.com>

On Mon, Mar 25, 2013 at 3:11 PM, Bob Proulx <bob@proulx.com> wrote:
> Joel Rees wrote:
>> I know this is the wrong way to solve the underlying problems, but
>> sometimes brute force is required.
>
> If I were doing that by brute force then instead of using PAM I would
> use cron to create and remove a /etc/nologin file.  See 'man 5 nologin'
> for details of the file.  But something like this:
>
> 0 17 * * *  echo "No logins allowed now." > /etc/nologin
> 0 5 * * *  rm -f /etc/nologin
>
> That would be brute force.  Create the nologin file when you want and
> remove it when you want.
>
> Bob

Except that if you have root login disabled and you have to login in
the middle of the night, you have to use a local exploit.

However, I did consider setting cron to invoke a script to check for
logins every two minutes during the banned time period.

Putting a trap in the global postlogin script is another possibility.

But if time.conf is functional and I want to claim to be competent
with administrating Linux, I guess I'd better learn how to get it
working.

--
Joel Rees

Reply to:

References:
- restricting login times
  - From: Joel Rees <joel.rees@gmail.com>
- Re: restricting login times
  - From: Bob Proulx <bob@proulx.com>

Prev by Date: Re: restricting login times
Next by Date: Re: Grub edits at boot not saved
Previous by thread: Re: restricting login times
Next by thread: Re: restricting login times
Index(es):
- Date
- Thread