Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: axessit on March 05, 2009, 10:38:02 AM
-
I need to add a user (via cron task) to add a user to a group, then subsequently remove them. I am using it to add a user via time. I have a cron job set up and working that adds them via command line, but that's obvoiusly bypassing things and I need to do it via the accounts database.
At the moment I use
usermod -G shared,library,banned mikeso that mike gets put in the banned group as well as has access to his home folder and the library ibay. Then later on I use
usermod -G shared,library miketo take him out of the group.
The banned group does not have internet access. Thus (as I am using PAM authentication) I need to use the accounts properties somehow. When I use db accounts show mike I don't see mikes group membership.
How should I be doing this ?
-
Try this:
db accounts setprop mygroup Members user1,user2,user3
signal-event group-modify mygroup
-
Thanks very much. Works a treat!
-
axessit
If you are not familiar with sme server specific commands (ie signal events), then you can make changes in server manager eg add a user, change their group or anything else etc etc, and then review the messages log file.
You will see what commands get issued by sme server to make those changes, and then just use those commands in your cron jobs/scripts etc.
-
I need to add a user (via cron task) to add a user to a group, then subsequently remove them.
That sounds a very unusual thing to do.
What problem are you trying to solve?
-
Kids internet usage - my kids can log onto the computer but can't access the internet unless Mum or Dad put in their password :grin:, but the older son can access after the smaller ones go to bed without me having to be there to do it. Unfortunately he plays games after school instead of homework, or his siblings jump on the computer if he puts in his password etc. Since they can't keep their passwords secret. But the computer is there to type up stuff.
Plus, I can now deploy it to schools so that they can't access the internet during breaks and lunch times (as they all know the internet passwords).
Forced network policies - childs play :lol:
-
I suppose i should add for the viewing audience, there are actually two cron jobs. 1st to put him in the banned group at say 9am, then another to take him out, at say 8pm.
-
as far as I understand, OP want to give to his users internet access only in limited time periods...
I think that a squid acl wolud be better..
my 2c
Stefano
-
Now I'm curious. How would the OP create an appropriate Squid ACL?
-
If your using dansguardian, squid accepts requests from localhost so can't determine the user.
-
Yes, I am using dansguardian for content filtering and also PAM authentication to internet access, so it serves me well, since all I need do is put the users into a group that is banned (or alternatively ban all users except those in an allowed group). I guess it would depend on how dansguardian interacts with squid - that being said, I enjoy using a bypass so I don't need any password out in my "kids free zone" office.