If you I want to allow users log in in to system only at working hours use pam_time.so module. This example works on CentOS and I suspect that it will be work at RHEL as well.
We should edit to files for this:
/etc/pam.d/login
/etc/security/time.conf
Let’s begin from first one. Put next line into the file:
account required pam_time.so
after that go to the /etc/security/time.conf, and insert next:
login;tty*;user1|user2|user3;Wk0009-1800 & !Wd0000-2400
where
login – the type of pam service
tty* – terminal name(in this case all terminal ttyXXX, you also specify defined terminal as well)
user1|user2|user3 – users or user name which should be restricted
Wk0009-1800 & !Wd0000-2400 – time frame. Time where actions is allowed. To inverse it put “!” before. There is 7 types of day:
Mo Tu We Th Fr Sa Su Wk Wd Al
First seven is according to weeks day.
Wk – means all work days(Mo-Fr)
Wd – it’s week end(Sa,SU)
Al – all days of week.
Now, you new rules was applied. And users user1, user2, user3 can’t log on system at no working time. No restart is required.
But we still have one problem. Users which logined at work time can be continuous use system without problem. To prevent this situation I have written little script.
Rename it to time.sh and put anywhere at your system. After this new crontab entry should be added:
crontab -e
55 17 * * 1-5 /path/to/time.sh
Now all session will be destroyed at the end of working day and script notify user via user’s terminal 5 minutes before this. After that nobody from specified users willn’t be able to login on the system.
