Guitars, Paramedics, Linux, and Me

December 11, 2006


  1. Hi Scott. Do you also run a webfilter setup of any kind? I set up squid, squidguard, dansguardian, and iptables in order to have a more-or-less complete solution, with per-user transparent proxy (no browser settings to allow you to bypass the proxy). I had to set up postfix so that I would get e-mails if repeated blocked browsing attempts exceeded a threshold. Little bit of effort, but it really gives me that peace of mind. I haven’t implemented a login control like in your article, but I think that will be next, as a just-in-case. I did set the proxy to deny access between certain hours of the day and give a custom message, however. If you are also using a filtering solution, I would be very interested to read about it. Your article was quite informative!


    Comment by symbolik — January 14, 2007 @ 5:21 am | Reply

  2. I do not use a proxy with my kids at home. I have setup a squid proxy in the past, but a proxy does not fit into my home lan needs at the moment.

    I do use IPTABLES though.

    Comment by Scott Kindley — January 14, 2007 @ 1:26 pm | Reply

  3. Fantastic! I knew there had to be a better way than all the others I have seen, and this is it. I thought it’d be part of the restricted time/days access settings.

    This works just as well and teaches me a bit about cron in the process. I didn’t know you could tell it to only do things on certain days of the week!

    I’ve got a local copy saved in case this disappears.

    Comment by cookieninja — November 26, 2007 @ 5:10 pm | Reply

  4. Last year when I was forced to restrict my childen’s time spent at computer I could not find any ideas, so I went on with my approach. Instead of using PAM, as it would allow them to use computer only at certain times, I wrote a small script which relies on wtmp file and accounts total time they spend with PC. Password part us gly, but I never thought I will share this 😀
    sac package is needed.


    if [ $# -le 1 ] ; then
    echo “Usage: username quota ( “$OVER” ]] ; then
    if [[ `w $1 -s -h | wc -l` -gt 0 ]] ; then
    killall -u $1
    killall -s 9 -u $1
    sed -i “/^$1/d” /etc/passwd
    exit 0
    elif [ $VEL -le 10 ] ; then
    su – $1 -c “DISPLAY=:0 zenity –warning –title “Brīdinājums” –text \”Paliku\šas $VEL minūtes\!\””
    EXISTS=`grep -c $1 /etc/passwd`
    if [ $EXISTS -le 0 ] ; then
    case $1 in
    “fridrihs” )
    sed -i “/^gdm/afridrihs:x:1002:1001:Fridrihs,,,:/home/fridrihs:/bin/bash” /etc/passwd
    “beta” )
    sed -i “/^gdm/abeta:x:1001:1001:Beatrise,,,:/home/beta:/bin/bash” /etc/passwd

    Comment by shpokas — November 28, 2007 @ 3:46 am | Reply

  5. […] Update: I found a method for getting the Parental Controls that I needed in Ubuntu. […]

    Pingback by Ubuntu Parental Controls | The Bristow's dot COM — June 10, 2008 @ 12:12 pm | Reply

  6. Howdy Scott – Let’s suppose we don’t care WHEN the user logs in. We just want to limit the total time per day that the user can be on the system. Do you know how to do that?

    Comment by tpkatsa — July 6, 2010 @ 9:13 am | Reply

    • Yes I have setup a system for a cyber cafe where users where allowed time on the workstation for a predetermined amount of time. That is of course not within the scope of this article. Frankly there are several ways to go about that and most can become pretty difficult to setup.

      For example lets say you want a user to only have 1 hour of time on a workstation in a 24 hour period. Is the 24 hour period defined as 1 hour in the 24 hour period beginning from the time the user first logged in, or 1 hour from 00:00:00 to 23:59:59.

      One must also consider what happens if the user logs in for 3 minutes, logs off and logs back in and hour later for 14 minues 36 seconds, logs off and back in again for the remander of the time. This example seems far fetched but believe me I’ve seen situations where a user logged in and out numerous times in a short period of time. It would be a nightmare to script something like this with the basic tools I used in the article.

      Again what you are describing is very possible but not very practicle using the basic tools that I’ve used in the article.

      Comment by Scott Kindley — November 14, 2010 @ 5:05 pm | Reply

  7. First of all, this page was great while setting up an environment for my daughters, thanks!

    Some time ago while upgrading to Fedora 1* (can’t remember any more exactly which version) I found out that the following line


    should be modified a bit


    and then respectively the file that needs to be modified further would be /etc/pam.d/gdm-password instead of /etc/pam.d/gdm

    Comment by poplacex — November 7, 2010 @ 10:38 am | Reply

    • Thanks for the info. I havn’t updated this article beyond Fedora Core 6 (or posted any other articles for that matter) in a long, long time. It’s nice to see this article still referred to after all this time. While file names/locations may change over time between distributions the basic principles are still valid. In fact judging from the stats for this article more people using Ubuntu refer to this article than folks running Fedora/Red Hat distributions 🙂


      Comment by Scott Kindley — November 14, 2010 @ 5:13 pm | Reply

  8. […] Fedora Core 6: Controlling Logins By Time « Scott Kindley […]

    Pingback by how to restrict user to login on 1 pc at a time — August 25, 2014 @ 12:16 am | Reply

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Blog at

%d bloggers like this: