My Best Teaching Is One-on-One


Of course, I team teach and do special lessons, etc.


But my best work in the classroom is after the lesson is over --
going one-on-one,
helping individual students with their assignments.


It's kind of like with computer programs, walking the client through hands-on.
The job isn't really done until the customer is using the program.


Monday, March 25, 2013

Keeping the kids off the computer in the middle of the night.

Our children have the attitude that using the computer is a right, not a privilege. One seems to think that being denied is cause for outlasting his parents into the middle of the night and logging in while we are asleep.


"Fixing" this through technical means is not even a bandaid. It's the wrong thing to do in so many ways. But we need our sleep and this child needs to know some limits.


Here's one way to set some limits on Debian -- Use PAM to limit the time certain users can log in.:
デビアン Linux では制限を設定する一つのやり方としては、特定のユーザー号でログイン可能な時間帯を PAM というものを利用して決めるのです。

In the directory

  • /etc/pam.d

are several files where a PAM module called pam_time needs to be enabled:
に、 pam_time という時間関連の PAM上の一単位部品(モジュール)を有効に指定できる文書(ファイル)は幾つか在ります。つまり

  • login
  • su
  • gdm


(There is so much misinformation about this, and so much old information, on the web, it's not at all funny. Since PAM will evolve, this post will get old, and it isn't going to be the same for Fedora or other non-Debian distros, but for now this is how it's done on Squeeze.)
(インターネット網上で調べてみると、もう、まったく面白くないほどの誤情報や賞味期限切れ情報がどっさりと出てくるのを…。まあ、 PAM の進化次第この投稿も賞味期限に着くし、フェドラ Linux などのデビアン以外の配付版では違いますが、現在のスクイーズ版ではこういうやり方です。)

In the files login and su, there are already appropriate lines, commented out:
login 及び su という文書に、注釈化されて無効になっている適切な指定行は既に在ります。つまり

# account    requisite


Remove the hash mark from the head of the line:

account    requisite


Or, you might want to copy the line and remove the hash mark from the copy so that you remember that it was commented out in the stock version of the files. Or you can leave comments like this:

# Enabled 2013/03/25 JMR

Then, in the file gdm, you need to add a similar line:
続いて、 gdm という文書に似た文を足す必要があります。つまり、

account    required


before the line

@include common-auth


At least, that's where I added it and it's working for me now. You might want to leave comments here, as well:

# Added 2013/03/25 JMR


Now you need to restart PAM. I just reboot. Even if you have tools that are supposed to remember (and re-calculate) all the order dependencies for you, by the time you look it all up and get it straight in your head, you could have just rebooted and been done with it long ago.
PAM を再起動させる必要が在ります。ボクにしては単純にシステム全体を再起動します。例え、それぞれの順番と依存関係を纏めて、必要によって再計算してくれる道具が在ったとしても、その命令と使用法を調べて全部を理解して適用でる間に、もうはるか以前にシステムの再起動が終わって新しい指定が効いているのです。

The above lines are necessary to tell PAM (Pluggable Authentication Modules) that it can read the following file:
以上の指定文があって、付け替え可能・認証機能・単品群 PAM に次の


and accept the rules it finds there.

This file is where you finally add the rule that blocks the login accounts they use during the hours they are supposed to be sleeping. If user1, user2, and user3 are the user ids under which they log in, and the banned time is from 11:00 pm to 5:00 am, 
やっと、子供らが使ってログインしている帳簿(アカウント)を寝ているはずの時間帯に無効にする指定文を、このファイルに足すと効力が有って差し止めることができます。たとえ、ログインしているユーザーイッドは、 user1, user2, 及び user3 になっているとして、禁止の時間帯が午後11時から午前5時までであると


should do the trick.

But test it first with 


and make sure it blocks only these user ids.

Check the messages in /var/log/auth.log and /var/log/daemon.log, too, after trying to log in. You can use ls and tail:
ログインを試みてから、 /var/log/auth.log内や、 /var/log/daemon.log内のメッセージをも見ておくのをおすすめします。以下のように、 lstail の命令は使えます。

sudo ls -lart /var/log
sudo tail -40 /var/log/auth.log
sudo tail -40 /var/log/daemon.log

Then change the time range to the range you think you should ban, 24 hour clock, military style. Make sure you check the logs again.

Mind you, if you have to resort to this kind of thing to discipline your kids, you're going to have to use strong passwords, and keep the passwords where the kids won't find them. But you should be using good passwords anyway, since weak passwords can often be guessed by people out there trying to log in to your computer through the internet.

Hiding your passwords in plain sight is a topic for another rant, but I have to go.

No comments: