timeoutd does not restrict login time if LOGIN/NOLOGIN lines are after session limit lines

Bug #121960 reported by Durval Menezes on 2007-06-24
6
Affects Status Importance Assigned to Milestone
timeoutd (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: timeoutd

= System: Ubuntu 7.04 Desktop x86
= timeoutd: 1.5-10

= Problem: timeoutd does not restrict login time

= Steps to reproduce:
- Install timeoutd
- Enter (for example) the following /etc/timeouts file:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-[
Al:*:*:root:0:0:0:0
Al:*:*:*:0:120:240:5

Al:*:*:root:LOGIN
Al2130-0630:*:*:*:NOLOGIN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]
- check date
     Sun Jun 24 06:25:48 BRT 2007
   (i.e, login/session should NOT be permitted for non-root users as per the above file)
- call timeoutd in one-shot check mode:
   timeoutd nobody tty1; echo $?
       0
   (i.e, login/session permitted)
- Now edit /etc/timeouts and put the LOGIN/NOLOGIN lines up front, like that:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-[
Al:*:*:root:LOGIN
Al2130-0630:*:*:*:NOLOGIN

Al:*:*:root:0:0:0:0
Al:*:*:*:0:120:240:5
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]
- Test again with timeoutd:
     timeoutd nobody tty1; echo $?
        Logins not allowed at this time. Please try again later.
        20
   (i.e, now the login time restriction is working)

= Comments/Proposed fix:
- 'man timeouts' says that "timeoutd will use the first entry for which the TIMES:TTYS:USERS:GROUPS fields all match the user who is being checked", so perhaps this is not a bug but a feature :-), if so the
best fix would be to make that clear in the documentation:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-[
--- timeouts.5.orig-20070624 2007-06-24 06:42:53.000000000 -0300
+++ timeouts.5 2007-06-24 06:42:14.000000000 -0300
@@ -12,11 +12,11 @@
 the first non blank character is a hash (#) will be ignored. All other
 lines should be of the format:
 .PP
-TIMES:TTYS:USERS:GROUPS:MAXIDLE:MAXSESS:MAXDAY:WARN
+TIMES:TTYS:USERS:GROUPS:LOGINSTATUS
 .PP
 OR
 .PP
-TIMES:TTYS:USERS:GROUPS:LOGINSTATUS
+TIMES:TTYS:USERS:GROUPS:MAXIDLE:MAXSESS:MAXDAY:WARN
 .PP
 \fBTIMES\fR is a comma separated list of times for which the entry is valid.
 The entry will be ignored completely outside these times.
@@ -62,7 +62,9 @@
 .PP
 When searching through the timeouts file, timeoutd will use the first
 entry for which the TIMES:TTYS:USERS:GROUPS fields all match the
-user who is being checked.
+user who is being checked. So, please note that any LOGINSTATUS lines
+will need to be put before any 'session limit' lines or they will not
+be obeyed.
 .PP
 When calculating the number of minutes for which a user has been logged
 on in the given day, timeoutd will consider logged in time on all
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]

= Eof

Related branches

Jeff Anderson (jander99) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.

Changed in timeoutd (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package timeoutd - 1.5-10.1ubuntu1

---------------
timeoutd (1.5-10.1ubuntu1) lucid; urgency=low

  [ Shawn Willden ]
  * Fixed local X session handling (LP: #165254, #212848)

  [ Fabrice Coutadeur ]
  * timeouts.5: added a comment to make clear that LOGINSTATUS should go first
    (thanks Durval Menezes) (LP: #121960)
 -- Shawn Willden <email address hidden> Sun, 04 Jan 2009 23:17:57 -0700

Changed in timeoutd (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers