Question

6

How to lock yourself out of the primary account temporarily?

rated 0 times [ 6] [ 0] / answers: 1 / hits: 1011 / 1 Year ago, tue, may 2, 2023, 10:23:49

I'm looking for something like LeechBlock, or StayFocusd on steroids, i.e. something that could block my Internet access temporarily, but do it in a way that would be a major hassle to disable, unlike these browser plug-ins (A "major hassle" is something like re-installing the OS)

If I create a "restricted" account, block its Internet access and exclude it from sudoers, it would work for me, but only if I could somehow lock myself out of my primary account on the machine, temporarily.

Can this be done in Ubuntu? (I'm sticking with 11.04, but I would consider upgrading or paying for this feature)

Simply letting someone else be the admin of my machine is not an acceptable solution for me.

Something like a cron job temporarily resetting the password might do the job, but it would have to be something very reliable, obviously. I can't risk being permanently locked out, because the machine had to reboot, etc.

I also asked a more general version of this question, in productivity.SE.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

oraoming

Add To Favorites

Follow

Total Points: 354

Total Questions: 105

Total Answers: 124

Location: Iraq

Member since Sat, Apr 3, 2021

3 Years ago

answered 1 Year ago cocal · Accepted Answer

PAM

A nice not so easy to overcome approach to achieve a temporary lock out from your account is to define rules for the pluggable authentication module pam_time. By doing so we can define a certain time of the day when we are allowed to log in and use our account. Login will result with authentication failure outside these defined hours.

Tell lightdm to use pam_time:

To apply pam_time we edit /etc/pam.d/lightdm to add the following line:

account    required    pam_time.so

Define rules for pam_time:

All rules for pam_time are stored in /etc/security/time.conf. See the manpage for time.conf for details on the syntax. To e.g. deny login for user oleg on workdays from 8:00 a.m. to 5:00 p.m. we add the following line there:

login; *; oleg; !Wd0800-1700

To overcome these rules we may comment out the added lines from a root access (e.g. by booting a live system or with another user account).

Other than restricting access we may consider to further narrow this down to only some services we may not want to have access:

http; *; oleg; !Wd0800-1700

will disable internet access for user oleg on weekdays from 8 a.m. to 5 p.m..