Access hours for Sun Ray users

January 7, 2009

Having installed a Sun Ray in my daughter's bedroom, I am now faced with the inevitable problem of her being online all night, not getting any sleep and then being generally grumpy. The irony here is that I was sent an email asking how I handle access control to the DTUs and I said I just trusted the children to be sensible (what was I thinking!).

So a solution was required that gave access to the systems only between certain hours. The hours would depend on the user, and it would have to not lose all their “work” in case this was a late-night session finishing their homework.

After asking around no one came back to me and said how it can be done so I wrote my own script. It works by having a file that contains lines with a format


The times are specified in 24 hour format and only accurate to the minute.

    # cat /etc/opt/local/access_hours
    user1:1915:1900
    user2:0630:2300
    user3:0630:2230
    user4:0630:2000
    #

The top line is really just for testing, only disallowing access from 1900 to 1915. Then you need a user with system admin privileges that does not have a crontab file. Since I already have a kroot role I’m overloading this. Running the script with the -c flag and the name of the user will write the crontab file. Note it also writes an entry to keep the crontab file up to date on an hourly basis.

    # /usr/local/sbin/check_access_hours -c kroot
    # crontab -l kroot
    46 * * * * /usr/local/sbin/check_access_hours -c kroot
    00 19 * * * /usr/local/sbin/check_access_hours user1
    00 23 * * * /usr/local/sbin/check_access_hours user2
    30 22 * * * /usr/local/sbin/check_access_hours user3
    00 20 * * * /usr/local/sbin/check_access_hours user4
    #
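The window check and the crontab generation described above, as an added example; it is not the author's check_access_hours script. The function names (to_minutes, access_allowed, cron_lines), the inclusive-start/exclusive-end boundary and the user-name character filter are assumptions of this example.

```shell
# Added illustration, not the author's check_access_hours script.
# Constructed sample in the page's user:start:end layout (HHMM, 24-hour).
ACCESS_HOURS='user1:1915:1900
user2:0630:2300
user3:0630:2230
user4:0630:2000'

# to_minutes HHMM: print minutes since midnight, fail on malformed input.
to_minutes() {
    case "$1" in [0-2][0-9][0-5][0-9]) ;; *) return 1 ;; esac
    h=${1%??}; m=${1#??}
    h=${h#0}; m=${m#0}          # drop a leading zero so 08/09 are not octal
    [ "$h" -le 23 ] || return 1
    echo $(( $h * 60 + $m ))
}

# access_allowed USER HHMM: 0 inside the window, 1 outside, 2 when the user
# has no valid entry (callers should treat 2 as deny). Assumption: start is
# inclusive and end exclusive, so the end-of-window cron minute is denied.
access_allowed() {
    now=$(to_minutes "$2") || return 2
    while IFS=: read -r user start end; do
        [ "$user" = "$1" ] || continue
        s=$(to_minutes "$start") || return 2
        e=$(to_minutes "$end") || return 2
        if [ "$s" -le "$e" ]; then
            [ "$now" -ge "$s" ] && [ "$now" -lt "$e" ]
        else                    # window wraps past midnight (user1 test line)
            [ "$now" -ge "$s" ] || [ "$now" -lt "$e" ]
        fi
        return
    done <<EOF
$ACCESS_HOURS
EOF
    return 2
}

# cron_lines: one "MM HH * * * command user" entry per user at the end time.
# Odd user names are skipped so a crafted entry cannot inject cron fields.
cron_lines() {
    while IFS=: read -r user start end; do
        case "$user" in ''|*[!A-Za-z0-9_.-]*) continue ;; esac
        to_minutes "$end" >/dev/null || continue
        echo "${end#??} ${end%??} * * * /usr/local/sbin/check_access_hours $user"
    done <<EOF
$ACCESS_HOURS
EOF
}
```

Because the generated lines end up in the crontab of a privileged role, the access file should be writable only by that role, and anything that does not parse should be skipped or denied rather than passed through.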

Finally I added a line to the utaction script that is already run for every user when they connect to a Sun Ray DTU:

    if ! /usr/local/sbin/check_access_hours -t 0 "$1"
    then
            exit 1
    fi

The way it disallows access is that it adds the DTU’s IP address to the ipfilter, which you have to have configured, so that all traffic from the DTU is blocked. It also submits an at(1) job to run 2 minutes in the future to remove the block so that the Sun Ray can burst back into life. The effect is that the user can no longer use any Sun Ray outside of the defined hours. But after about 2 minutes the DTU is usable again by others or indeed as a photo frame.

A word of warning. Having got all this running, the system has panicked twice, which is disappointing on one level, that it panics, but pleasing on another: I’ve found a bug that can now be fixed. The bug is:

6791062: System panic in ip_tcp_input when a rule is added to ipfilter

I look forward to the fix!

The script is here but check that that bug has been fixed before you use it.



One Comment
  1. [Trackback] I have just uploaded an update to my script that controls the access hours of users to Sun Ray DTUs. The change is to not block the DTU if the user accepts the warning and disconnects voluntarily.
    With that test in place the number of forced disc…
