As part of continuing to control computer access by my kids (they are good kids, but kids are kids after all), I set about to restrict access by time. I also wanted a means to automatically log them out, as well as a notification telling them their time was almost up.
Links that helped:
It took a little tinkering, but in the end, I added the following line to /etc/pam.d/common-account:
account requisite pam_time.so
Because the /etc/pam.d/login and KDM files reference common-account, I did not have to modify them. I placed it below the existing unix.so entry.
Next, I edited /etc/security/time.conf and added several lines at the bottom:
*;*;root|parent-user1|parent-user2;Al0000-2400 #This ensures root and our parent accounts are not restricted.
*;*;child1:Al0900-2130 # Child1 is restricted for all services and logins on all days for access between 9 am and 9:30 pm.
*;*;child2:Al0900-2130 #Child2 restrictions…
Syntax is described in the man page for time.conf…. Be careful with the logic – piping the two child accounts together on one line did not work. Separating them into two lines did.
For notification and logoff, I thought about kdialog (zenity if using GNOME), but went for festival instead. Since there is no GUI notification, I do not have to point it to the right display variable and it gets a little easier. Plus, there is a definite geek factor here with a talking computer.
I installed festival and the English festvox packages, and then added the lines to /etc/crontab:
28 21 * * * root echo "It is now `date +\%r` . Time for bed. Log off now. You will be rudely ejected in two minutes. Good night." | festival --tts
30 21 * * * root /usr/bin/skill -KILL -u child1
30 21 * * * root /usr/bin/skill -KILL -u child2
The syntax for cron is found in the man page for crontab, and is also summarized in the crontab itself.
I chose not to use crontab -e and have user-based crontab files – this one is system-wide and is a little easier to work with. No special editor (I use vi), and when I am done, I restart the cron service:
sudo /etc/init.d/cron restart
I tested each step, and it all works on Kubuntu 8.04 just fine. Now, before 9 am and after 9:30 pm, the kids cannot log in. At 9:28 pm each night, a Steven Hawking voice will tell them they have two minutes. At 9:30 pm each night, their sessions are killed. If they are not on, nothing happens.
Some improvements I can make later is to check and see if they are on before running the festival notification. I will also play around with more realistic voices for festival.
I also think I will add birthday and holiday notifications in the crontab. I have already added in a wake-up call to the crontab using festival, and a .wav file will play (you don’t wanna know, trust me – it is very juvenile). To play files from the command line, I installed sox and all the suggested and recommended packages. But you probably only need sox.
And of course, there is the mischief factor – SSH, festival, and sox. Think of the possibilities! ^__________^
Filed under: HowTo, Security | Tagged: common-account, cron, crontab, festival, festvox, pam, pam.d, sox, text to voice, time.conf | 1 Comment »