timekpr fails to run
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
timekpr |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Hi. Looking for something like this myself, and found that when I installed it didn't report any problems. It failed to run from the GUI, however, and when I tried from the command line (sudo timekpr) it reports the following:
Error: Could not find timekpr section in '/etc/security/
I checked the file and found there is no reference to timekpr there. What is supposed to be there for this to work?
From /var/log/
2010-03-04 11:29:59 Starting timekpr version 0.3.0
2010-03-04 11:29:59 Variables: GRACEPERIOD: 120 POLLTIME: 45 DEBUGME: True LOCKLASTS: 1 hour
2010-03-04 11:29:59 Directories: LOGFILE: /var/log/
e/timekpr
2010-03-04 11:29:59 checklockacct called
2010-03-04 11:29:59 configuration file for larry exists
2010-03-04 11:36:50 Starting timekpr version 0.3.0
2010-03-04 11:36:50 Variables: GRACEPERIOD: 120 POLLTIME: 45 DEBUGME: True LOCKLASTS: 1 hour
2010-03-04 11:36:50 Directories: LOGFILE: /var/log/
e/timekpr
2010-03-04 11:36:50 checklockacct called
2010-03-04 11:36:50 configuration file for larry exists
2010-03-04 11:38:55 Starting timekpr version 0.3.0
2010-03-04 11:38:55 Variables: GRACEPERIOD: 120 POLLTIME: 45 DEBUGME: True LOCKLASTS: 1 hour
2010-03-04 11:38:55 Directories: LOGFILE: /var/log/
e/timekpr
2010-03-04 11:38:55 checklockacct called
2010-03-04 11:38:55 configuration file for larry exists
From /etc/security/
# this is an example configuration file for the pam_time module. Its syntax
# was initially based heavily on that of the shadow package (shadow-960129).
#
# the syntax of the lines is as follows:
#
# services;
#
# white space is ignored and lines maybe extended with '\\n' (escaped
# newlines). As should be clear from reading these comments,
# text following a '#' is ignored to the end of the line.
#
# the combination of individual users/terminals etc is a logic list
# namely individual tokens that are optionally prefixed with '!' (logical
# not) and separated with '&' (logical and) and '|' (logical or).
#
# services
# is a logic list of PAM service names that the rule applies to.
#
# ttys
# is a logic list of terminal names that this rule applies to.
#
# users
# is a logic list of users or a netgroup of users to whom this
# rule applies.
#
# NB. For these items the simple wildcard '*' may be used only once.
#
# times
# the format here is a logic list of day/time-range
# entries the days are specified by a sequence of two character
# entries, MoTuSa for example is Monday Tuesday and Saturday. Note
# that repeated days are unset MoMo = no day, and MoWk = all weekdays
# bar Monday. The two character combinations accepted are
#
# Mo Tu We Th Fr Sa Su Wk Wd Al
#
# the last two being week-end days and all 7 days of the week
# respectively. As a final example, AlFr means all days except Friday.
#
# each day/time-range can be prefixed with a '!' to indicate "anything
# but"
#
# The time-range part is two 24-hour times HHMM separated by a hyphen
# indicating the start and finish time (if the finish time is smaller
# than the start time it is deemed to apply on the following day).
#
# for a rule to be active, ALL of service+ttys+users must be satisfied
# by the applying process.
#
* ; * ; amber ; Al1800-2000
#
# Here is a simple example: running blank on tty* (any ttyXXX device),
# the users 'you' and 'me' are denied service all of the time
#
#blank;tty* & !ttyp*;
# Another silly example, user 'root' is denied xsh access
# from pseudo terminals at the weekend and on mondays.
#xsh;ttyp*
#
# End of example file.
#
(NOTE: obviously I had tried to set up time limits for Amber on my own, but it never took yet...)
From /etc/security/
# Login access control table.
#
# Comment line must start with "#", no space at front.
# Order of lines is important.
#
# When someone logs in, the table is scanned for the first entry that
# matches the (user, host) combination, or, in case of non-networked
# logins, the first entry that matches the (user, tty) combination. The
# permissions field of that table entry determines whether the login will
# be accepted or refused.
#
# Format of the login access control table is three fields separated by a
# ":" character:
#
# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so
# module, you can change the field separation character to be
# '|'. This is useful for configurations where you are trying to use
# pam_access with X applications that provide PAM_TTY values that are
# the display variable like "host:0".]
#
# permission : users : origins
#
# The first field should be a "+" (access granted) or "-" (access denied)
# character.
#
# The second field should be a list of one or more login names, group
# names, or ALL (always matches). A pattern of the form user@host is
# matched when the login name matches the "user" part, and when the
# "host" part matches the local machine name.
#
# The third field should be a list of one or more tty names (for
# non-networked logins), host names, domain names (begin with "."), host
# addresses, internet network numbers (end with "."), ALL (always
# matches), NONE (matches no tty on non-networked logins) or
# LOCAL (matches any string that does not contain a "." character).
#
# You can use @netgroupname in host or user patterns; this even works
# for @usergroup@
#
# The EXCEPT operator makes it possible to write very compact rules.
#
# The group file is searched only when a name does not match that of the
# logged-in user. Both the user's primary group is matched, as well as
# groups in which users are explicitly listed.
# To avoid problems with accounts, which have the same name as a group,
# you can use brackets around group names '(group)' to differentiate.
# In this case, you should also set the "nodefgroup" option.
#
# TTY NAMES: Must be in the form returned by ttyname(3) less the initial
# "/dev" (e.g. tty1 or vc/1)
#
#######
#
# Disallow non-root logins on tty1
#
#-:ALL EXCEPT root:tty1
#
# Disallow console logins to all but a few accounts.
#
#-:ALL EXCEPT wheel shutdown sync:LOCAL
#
# Same, but make sure that really the group wheel and not the user
# wheel is used (use nodefgroup argument, too):
#
#-:ALL EXCEPT (wheel) shutdown sync:LOCAL
#
# Disallow non-local logins to privileged accounts (group wheel).
#
#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
#
# Some accounts are not allowed to login from anywhere:
#
#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
#
# All other accounts are allowed to login from anywhere.
#
#######
# All lines from here up to the end are building a more complex example.
#######
#
# User "root" should be allowed to get access via cron .. tty5 tty6.
#+ : root : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6
#
# User "root" should be allowed to get access from hosts with ip addresses.
#+ : root : 192.168.200.1 192.168.200.4 192.168.200.9
#+ : root : 127.0.0.1
#
# User "root" should get access from network 192.168.201.
# This term will be evaluated by string matching.
# comment: It might be better to use network/netmask instead.
# The same is 192.168.201.0/24 or 192.168.
#+ : root : 192.168.201.
#
# User "root" should be able to have access from domain.
# Uses string matching also.
#+ : root : .foo.bar.org
#
# User "root" should be denied to get access from all other sources.
#- : root : ALL
#
# User "foo" and members of netgroup "nis_group" should be
# allowed to get access from all sources.
# This will only work if netgroup service is available.
#+ : @nis_group foo : ALL
#
# User "john" should get access from ipv4 net/mask
#+ : john : 127.0.0.0/24
#
# User "john" should get access from ipv4 as ipv6 net/mask
#+ : john : ::ffff:
#
# User "john" should get access from ipv6 host address
#+ : john : 2001:4ca0:0:101::1
#
# User "john" should get access from ipv6 host address (same as above)
#+ : john : 2001:4ca0:
#
# User "john" should get access from ipv6 net/mask
#+ : john : 2001:4ca0:
#
# All other users should be denied to get access from all sources.
#- : ALL : ALL
Information on installation is a little sketchy; I installed bazar as in the README file and ran the install.sh script using root (sudo) permissions.
> ran the install.sh script using root (sudo) permissions.
That is the reason. I need to delete that script from the source! It is not intended to be used for installing timekpr. Please, download a .deb or add the PPA.
install.sh is just something I put together to make it easier for myself to update while developing. Sorry for the inconvenience!