NAME¶

pam_session_timelimit - Module to impose daily time limits on user sessions

SYNOPSIS¶

pam_session_timelimit.so [...]

DESCRIPTION¶

The pam_session_timelimit PAM module interfaces with systemd to limit the length of time that a user can use a service. This is a per-day time limit; each successive session counts against the limit and reduces the time available on a given day for remaining sessions.

The time used by a session is only recorded at the session end. It is therefore possible to exceed the absolute limit by launching sessions in parallel.

By default the settings for per-user session time limits are taken from the config file /etc/security/time_limits.conf. An alternate file can be specified with the path option.

Time limits in this config file are expressed using the syntax described in systemd.time(7).

The config file format does not support configuring different time limits for different services. To achieve this, use different path options for each service.

OPTIONS¶

path=/path/to/time_limits.conf

statepath=/path/to/session_state

MODULE TYPES PROVIDED¶

The account and session module types are provided.

RETURN VALUES¶

PAM_SUCCESS

PAM_PERM_DENIED

PAM_BUF_ERR

PAM_SYSTEM_ERR

PAM_SESSION_ERR

PAM_BAD_ITEM

PAM_IGNORE

FILES¶

/etc/security/time_limits.conf

/var/lib/session_times

EXAMPLES¶

#%PAM-1.0
#
# apply pam_session_timelimit accounting to login requests
#
login  account  required  pam_session_timelimit.so
login  session  required  pam_session_timelimit.so


      

SEE ALSO¶

systemd.time(7), pam.d(5), pam(7).

AUTHOR¶

pam_session_timelimit was written by Steve Langasek <vorlon@dodds.net>.