Limiting user internet usage by duration. Is it possible?
Hi, Does anyone already accomplished to limit users usage of internet (tcp 80,21 only) by the time spent. I know it is possible to limit by amount of data retrieved (delaying pool, I guess) or by schedule (defining acl) but I didn’t find anything about duration. Let’s say I wish to allow the usage of internet for a User or Pc for 1 hour per day. Any ideas? Thanks. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 10-02-2005
On Sat, 12 Feb 2005 20:18, Carlos Rodrigues wrote:
Does anyone already accomplished to limit users usage of internet (tcp 80,21 only) by the time spent.
I know it is possible to limit by amount of data retrieved (delaying pool, I guess) or by schedule (defining acl) but I didn’t find anything about duration.
Let’s say I wish to allow the usage of internet for a User or Pc for 1 hour per day.
This program may be suitable, I have not used it. http://www.safesquid.com/html/index.shtml Have a look at "Define user limits" http://www.safesquid.com/html/defineuserlimits2.shtml Although looking at the info it seems it can only limit to the Time of day you can access the web. -- Regards, Graham Smith ---------------------------------------------------------
Thanks Graham, This program seems interesting and I will look into it. Yet, that particular issue of limiting using duration is not solved with it. Several programs I've seen are focused on limiting usage using a time schedule. I really need to allow usage by duration. But thanks anyway. Please keep this in mind. If you bump into a solution remember me. Regards, Carlos -----Mensagem original----- De: Graham Smith [mailto:gqs@iinet.net.au] Enviada: segunda-feira, 14 de Fevereiro de 2005 5:33 Para: suse-linux-e@suse.com Assunto: Re: [SLE] Limiting user internet usage by duration. Is it possible? On Sat, 12 Feb 2005 20:18, Carlos Rodrigues wrote:
Does anyone already accomplished to limit users usage of internet (tcp 80,21 only) by the time spent.
I know it is possible to limit by amount of data retrieved (delaying pool, I guess) or by schedule (defining acl) but I didn’t find anything about duration.
Let’s say I wish to allow the usage of internet for a User or Pc for 1 hour per day.
This program may be suitable, I have not used it. http://www.safesquid.com/html/index.shtml Have a look at "Define user limits" http://www.safesquid.com/html/defineuserlimits2.shtml Although looking at the info it seems it can only limit to the Time of day you can access the web. -- Regards, Graham Smith --------------------------------------------------------- -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 10-02-2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 10-02-2005
Does anyone already accomplished to limit users usage of internet (tcp 80,21 only) by the time spent.
I know it is possible to limit by amount of data retrieved (delaying pool, I guess) or by schedule (defining acl) but I didn’t find anything about duration.
Let’s say I wish to allow the usage of internet for a User or Pc for 1 hour per day.
This seems pretty hard to reach. What does 1 hour mean? The user starts to surf and now there is a time window of 1 hour? The user is surfing a webpage, is reading on for 5 min or so, reads another and comes back in 2 hours to surf for another 10 minutes? It takes just a few seconds to load a page. How to know, what user does now in front a the machine? One possibility is to cause iptables to make a log entry with -m limit module, then browse this log with a script to raise a iptables command blocking this user via "at" in 1 hour. At midnight "cron" does a rule reset. This makes a time window of one hour! The same script could count the minutes with a protecting/reload mechanism for the same minute of surfing. "Cron" then can reset these counters, too. So you can accumulate surfing minutes per user. Hope that helps The Polarizer Polarizers at its best http://www.glasspolarizers.com
On Tuesday 15 February 2005 09:43, Polarizer wrote:
Does anyone already accomplished to limit users usage of internet (tcp 80,21 only) by the time spent.
I know it is possible to limit by amount of data retrieved (delaying pool, I guess) or by schedule (defining acl) but I didn’t find anything about duration.
Let’s say I wish to allow the usage of internet for a User or Pc for 1 hour per day.
I would suggest, tracking the amount of time each users has a running mozilla / Konquerer session active. First option is, when starting to browse, launch a script in the background that will kill the pid after one hour, if still active (session limit) Second option: Give each user a "60-minute credit", run a cron-job that check for each instance of an browser the UID and reduce its credits. After reaching countdown, create for that user a symbolic link from /bin/false towards /home/<user>/bin/mozilla (or Konquerer) to inhibit a relaunch. And after midnight, restore the old situation. (update credits, remove link) Same can be applied for *mule, msn, etc etc This (no so difficult) works however only for local machines, If to be done on remote machine (firewall), it's get complicated. You have to analyse the traffic coming from that particular PC. It it's trafic from port-80 - start a 5 minute timer, if not already running if timer expires, reduce user-credit count. If user-credit-count reaches zero, block port-80 from/to that PC (the difficult part here, is analysing the traffic from a script, You can instruct iptables to log everything from port 80, but that goes to the system logfile among other things....) Hans
The Tuesday 2005-02-15 at 10:31 +0100, Hans Witvliet wrote:
I would suggest, tracking the amount of time each users has a running mozilla / Konquerer session active. First option is, when starting to browse, launch a script in the background that will kill the pid after one hour, if still active (session limit)
It will trigger if the user is reading local documentation files. Not even reading, but just having the browser open in the background of the desktop. -- Cheers, Carlos Robinson
participants (5)
-
Carlos E. R.
-
Carlos Rodrigues
-
Graham Smith
-
Hans Witvliet
-
Polarizer