TTC - TERMINAL TYPE CONTROL version 2.6
=======================================

Copyright (C) 28.5.1997 Pekka Riikonen, priikone@fenix.pspt.fi.
Distributable under the terms of GNU GPL, version 2 or later. See COPYING.

Ttc - Terminal Type Control -program, controls the logins on those 
terminal types, given as argument for the ttc. You can deny any terminal 
type you want and/or you can set timing for any terminal type you want.

Ttc is very handy when, for example, we want to deny logins from console 
except for some users, like adm's. By using -d option you can set the tty's 
you want to deny. Ttc then check's from authorization file (default: 
/etc/ttc.defauth) if the user has authorization to access that terminal 
type, if name is found access is granted. Otherwise, session will be killed.

Other very useful option is timing, -t. By using this option you can set 
timing to any tty you want to. This is very handy with serial lines. If 
you want to restrict the use of serial lines, ttc is the answer. What timing 
means, is that user who logs in to that tty which has timing, he/she 
can't use that tty any longer that defined in ttc. For examle you can 
set that /dev/ttyS1 and /dev/ttyS2 has 60 minutes time limit. So 
your modem users can have 60 minutes sessions, and not any longer. After 
time is up, user will be warned and after that session will be killed.

Timing option also has now a new feature. By default timing has some sort 
of time bank system. This means that user has for example 60 minutes time 
limit, for one day. If user uses all his/her time limit, he/she won't be 
able to log in again during that day. At 00:00 all time limit files will 
be removed. User can use his/her time limit in so many parts he/she 
wants, in that day.

Time bank system has an exception. You can create a file which includes 
names of those users who *has timing*, but *doesn't have time bank 
system*. This means that they have the same time limit all the others has, 
whose name is not in that file, but they are able to log in again, even 
if their time limit is up. This file is by default /etc/ttc.notimebank.

Timing option has also authorization check. Authorization file is same 
with -d option (default: /etc/ttc.defauth). Those users whose name is in 
this file has no timing at all, on those tty's which are marked as timed.

Ok, here is another new feature. As you can see, timing and deny uses 
same authorization files, by default. This means that those users whose 
name is in that file, are able to login on those tty's which are marked 
as denied and has no timing at all on those tty's, which are marked as 
timed. In some cases this is not a good thing. That's why there is an  
option which tell's ttc to use seperated authorization files for deny and 
timing. This options is -s. If you run ttc with this option, by default, 
ttc checks /etc/ttc.deny for deny authorization file and /etc/ttc.timing 
for timing authorization file. 

Timing process is handled by ttc daemon program (ttcd).

Also remember that those terminal types you deny, can't get, of course, 
timing and those terminal types you mark as timed can't be denied.

In version 2.6 there is another new feature. -l option, logins count 
limit per day for user(s). That means that if -l option is given, by 
default '/etc/ttc.logcount' file is checked for login limits. You can give 
two different options for login limits 'All' and/or 'User', where 'All' 
means that all users has same log limit which could be anything between
1 - 1000 times/day. With 'User' option in file, you can give for some 
specific user his/her own log limit. You can use 'All' alone or together 
with 'User' option(s) or other way. /etc/ttc.logcount file could be 
like next:

# Login limits for users
All 10
User priikone 20
User mmajuri 7

This means that all users except 'priikone' and 'mmajuri' has 10 log 
limit per day. When all users have logged on 10 times in that day they 
won't be able to logon back until day changes. 'priikone' has 20 logs 
for a day and 'mmajuri' has 7 logs for a day. Remember that you don't 
have to use 'All' if you don't want to, then only those users who are 
given in 'User' options has login limit. Also note that 'All' option has 
to be before 'User' option(s) in file! If -l option is not given, no 
login limits are set.


Options for ttc are given on the command line. Example:

$ ttc -d /dev/tty1 /dev/tty2 /dev/tty3 -t /dev/ttyS1 /dev/ttyS2

This would deny terminal types tty1..3 and would set timing to two first 
serial lines, ttyS1 and ttyS2. As you can see, you can set any tty you 
want and as many as you want to. 

Other way to give options is to create options file. By default, if you 
run ttc *without any options*, ttc reads /etc/ttc.options file for options.

By using -f option you can order ttc to read what ever options file you 
want. 

Options file could be like next:

# example ttc options file
# denied tty's
-d /dev/tty3 /dev/tty5
# timed tty's
-t /dev/ttyS1 /dev/ttyS2

This would set deny to tty3 and tty5 and timing for ttyS1 and ttyS2. 
Note: You can use only '-s', '-d', '-t' and '-l' options in options file. 
Any other option is ignored. Also, you can replace '-s' with 'sep', '-d' 
with 'deny', '-t' with 'timing' and '-l' with 'loglimit'. Those keywords are 
recognized as options in options file. Lines starting with '#' are ignored.

Other options you have to give on command line if you want to use them. 
Next are a few examples on command line:

Running ttc without options will always launch options file for options.

$ ttc

To use seperated authorization files for deny and timing give:

$ ttc -s

This will use seperated authorization files and runs, of course, options 
file. 

If you want to give some other options file than default and still 
use seperated authfiles, give:

$ ttc -s -f /etc/ownoptions

To get help on ttc give:

$ ttc -h

Always remember that you it is easier to use options file, so if you can 
use that, do so - it's much more easier. :)


RUNNING TTC AND TTC DAEMON

The very first thing to do after compiling, is to create the directory for 
the time limit files. Give as root,

$ ttcd -c

or create /tmp/ttc directory manually by using mkdir. ttcd -c command 
creates /tmp/ttc directory. Note: that was ttcd, not ttc. :)


To get ttc check on every login these tty's you define, you have to place 
ttc in file which are read on every login. If you use bash, this file 
would be /etc/profile, on the other hand, if you use tcsh, this file 
would be /etc/csh.login. Or any other you might think of - it doesn't 
matter as long as ttc will be executed on every login.


Ttcd you have to place in some rc script, like rc.local which is started 
on every boot. Ttcd daemon remains running on the background and handles 
timing for tty's. It creates another process of itself when someone starts 
timing, what means that if I log in for example from ttyS1 and timing is 
set for that tty, ttcd will start another ttcd process to handle that 
timing. Ttcd is run without arguments. Ttcd log messages are saved into 
/var/log/ttcdlog.


=====================================================================
IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT 
---------------------------------------------------------------------
CLEAN TIME LIMIT FILES -OPTION

This option is in ttc daemon program (ttcd) and is -c. It is in root's use 
only. Note: Never give this option unless you know what you're doing. This 
option removes all the files from /tmp/ttc and of course sets users time 
limits to max again.

This option is meant to be run every day when time is 00:00. Maybe, the 
best way to do that is to put ttcd with -c option in crontab. Like in 
/var/spool/cron/crontabs/root. Put there a line which looks like this:

00 00 * * * /usr/local/bin/ttcd -c

Then rerun crond. This will run ttcd with -c option every day when time is 
00:00 which is exactly what we want.

NOTE: If you don't run -c option every day on 00:00 time bank system 
won't work, since it doesn't remove the zero files. This means that users 
won't be able to login back again, so don't forget to run this every day 
00:00 !!!!!

Other way to do this is to make at job of ttcd -c. give 'man at'.
---------------------------------------------------------------------


AUTHORIZATION FILE

Form for the /etc/defauth, /etc/ttc.deny and /etc/ttc.timing file is simple. 
All you have to do, is put the login name in that file.

# Authfile sample file
priikone
mmajuri

this gives 'unlimited access' to those users. Into this file, I 
suggest *not* to put any vanity lines, because every line will be read. 

Note: Name in /etc/defauth or /etc/ttc.timing or /etc/ttc.notimebank will 
cause that no login limits are set for that user even if it is set in 
/etc/ttc.logcount.


BUGS:

Naah... At least I hope there isn't. Please report any bug if you find one!

This readme is probably a bit confusing.



Any other ideas or suggestions or something, are welcome.

						Pekka Riikonen
						priikone@fenix.pspt.fi
						26.5.1997

