Prohobit applications from running

I have a laboratory of PC:s running OpenSuSE 11.1.
The courses for this lab is not scheduled, so students can come and go any time of day, any day of the week.

The given policy is that it is OK to run simulations, as long as the student running the simulation is present. Leaving the computer for an hour or so is also OK. However, it is not OK to start simulations and leave them unattended running for days, hogging up the computer resources for other possible users.

Simply telling students not to do this will not help. :open_mouth:

So, is there a way to successfully prohibit applications from running? Something that would survive renaming and changing the contents (as in new versions) of the binary? I guess not.

Any other ideas upon how to accomplish this?

since noone else answered. Installing app X in a jail, or automating to shut down per cron after Y time e.g. :slight_smile:

On Tue, 10 Nov 2009 17:56:01 +0000, rackham wrote:

> I have a laboratory of PC:s running OpenSuSE 11.1. The courses for this
> lab is not scheduled, so students can come and go any time of day, any
> day of the week.
>
> The given policy is that it is OK to run simulations, as long as the
> student running the simulation is present. Leaving the computer for an
> hour or so is also OK. However, it is not OK to start simulations and
> leave them unattended running for days, hogging up the computer
> resources for other possible users.
>
> Simply telling students not to do this will not help. :open_mouth:

  1. Find one student that is doing it.

  2. Replace their “simulation” results with random garbage, or an MP3 of
    Brittany Spears, or something equally worthless, but don’t tell them
    about it.

  3. Let it be known via the rumour mill that if you want the simulation to
    work, you need to babysit it, otherwise your results might be trash.

David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.

hahaha that made my day , er , evening whatever timezone :slight_smile:

I suppose you mean chroot jail, though I don’t see how to go about using that will accomplish what I’m trying to do. Besides the applications to be prohibited may not necessarily be preinstalled, but can very well be downloaded from the web.

, or automating to shut down per cron after Y time e.g. :slight_smile:

This sounds more doable, but how do I make cron shut down after a certain time of inactivity? Or is that not what you mean?

cron daily hourly etc, just write a shell script checking for whatever app with pid etc etc edit although this might be tricky if Im thinking what you might be thinking. login times e.g. last? ? unless they leave themselves logged in … I do not know exactly what your guidelines are . :wink:

On Tue, 10 Nov 2009 19:36:02 +0000, rackham wrote:

> Heremod;2063079 Wrote:
>> since noone else answered. Installing app X in a jail
>
> I suppose you mean chroot jail, though I don’t see how to go about using
> that will accomplish what I’m trying to do. Besides the applications to
> be prohibited may not necessarily be preinstalled, but can very well be
> downloaded from the web.
>
>> , or automating to shut down per cron after Y time e.g. :slight_smile:
>
> This sounds more doable, but how do I make cron shut down after a
> certain time of inactivity? Or is that not what you mean?

If you’re trying to determine inactivity based on keyboard/mouse usage,
you could tie into something like dbus and trigger a script based on the
screensaver kicking in (for example). I use something like that to
disable the OLED display on my Wacom tablet when the screensaver kicks in.

Jim

Jim Henderson
openSUSE Forums Moderator

Provide them with a bluetooth device and use bluetooth proximity :wink:


Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.37-0.1-default
up 1 day 17:52, 2 users, load average: 0.03, 0.13, 0.28
GPU GeForce 8600 GTS Silent - CUDA Driver Version: 190.18

:slight_smile: Well, actually my thoughts have been going along the outline of that suggestion. However, we’d prefer not to go to such levels of destructiveness. That only brings bad reputation upon the courses. The devil in me is starting to rub his hands though. >:)

This sounds interesting. Could you please evolve this into more detail?

On Tue, 10 Nov 2009 19:56:01 +0000, rackham wrote:

> hendersj;2063129 Wrote:
>>
>> If you’re trying to determine inactivity based on keyboard/mouse usage,
>> you could tie into something like dbus and trigger a script based on
>> the
>> screensaver kicking in (for example). I use something like that to
>> disable the OLED display on my Wacom tablet when the screensaver kicks
>> in.
>
> This sounds interesting. Could you please evolve this into more detail?

Caveat - I’m using the GNOME desktop - don’t know if KDE uses dbus or not.

Basically, there’s a command called dbus-monitor - you can do all sorts
of interesting event-based processing with things that register with
dbus. gnome-screensaver does, and when it activates, it kicks off an
event that dbus-monitor can recognize.

I found a sample perl script that used this and basically pipes the
output of the command:

dbus-monitor --session
“type=‘signal,interface=’.org.gnome.ScreenSaver’,member=‘SessionIdleChanged’”

The perl script then just does a match on the output for a value of true
or false using a conditional expression of either (m/^\s+boolean true/)
or (m/^\s+boolean false/) and executes an external script based on those
two comparisons.

I found sample code at

http://tinyurl.com/yzu8eev

Should get you started.

Jim


Jim Henderson
openSUSE Forums Moderator

On 2009-11-10, rackham <rackham@no-mx.forums.opensuse.org> wrote:
> I have a laboratory of PC:s running OpenSuSE 11.1.
> The courses for this lab is not scheduled, so students can come and go
> any time of day, any day of the week.
>
> The given policy is that it is OK to run simulations, as long as the
> student running the simulation is present. Leaving the computer for an
> hour or so is also OK. However, it is not OK to start simulations and
> leave them unattended running for days, hogging up the computer
> resources for other possible users.
>
> Simply telling students not to do this will not help. :open_mouth:
>
> So, is there a way to successfully prohibit applications from running?
> Something that would survive renaming and changing the contents (as in
> new versions) of the binary? I guess not.
>
> Any other ideas upon how to accomplish this?

Maybe you could run a cron job to kill all processes that have been running
for more that 2 jours, if they are owned by regular users…


Any time things appear to be going better, you have overlooked
something.

Boot them all :wink:


init 3; sleep 30; init 5


Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.37-0.1-default
up 1 day 22:06, 2 users, load average: 0.17, 0.09, 0.05
GPU GeForce 8600 GTS Silent - CUDA Driver Version: 190.18

Anything you do to enforce this, students will find a way around. I used to rename my binaries on a multiprocessor box to look like stale netscape processes, never got caught …

What about asking them to “nice” the simulation, or doing that as root from a script? Is CPU hogging the issue, or memory hogging?

Thanks. I’ll look into that.

Hmm… maybe. I’ll need to think through the consequences of that.

On Wed, 11 Nov 2009 19:16:02 +0000, rackham wrote:

> Rikishi42;2063286 Wrote:
>>
>> Maybe you could run a cron job to kill all processes that have been
>> running
>> for more that 2 jours, if they are owned by regular users…
>>
>>
> Hmm… maybe. I’ll need to think through the consequences of that.

Seems that if the process were to take longer than 2 hours in a normal
run, it would kill the processes regardless of whether the user was there
or not.

Jim

Jim Henderson
openSUSE Forums Moderator

On 2009-11-11, Jim Henderson <hendersj@no-mx.forums.opensuse.org> wrote:
> On Wed, 11 Nov 2009 19:16:02 +0000, rackham wrote:
>
>> Rikishi42;2063286 Wrote:
>>>
>>> Maybe you could run a cron job to kill all processes that have been
>>> running
>>> for more that 2 jours, if they are owned by regular users…
>>>
>>>
>> Hmm… maybe. I’ll need to think through the consequences of that.
>
> Seems that if the process were to take longer than 2 hours in a normal
> run, it would kill the processes regardless of whether the user was there
> or not.

Yes, but the premise was that no process would run longer than a
“reasonable” lapse of time. Running over night, for instance. Or running all
day.

It’s not a perfect way of doing thing, but imagine a student is allowed a
mac of 2 hours at a machine, before making it available fo someone else
again. That max working time can be used, I think.


Any time things appear to be going better, you have overlooked
something.

On Thu, 12 Nov 2009 00:15:03 +0000, Rikishi42 wrote:

> On 2009-11-11, Jim Henderson <hendersj@no-mx.forums.opensuse.org> wrote:
>> On Wed, 11 Nov 2009 19:16:02 +0000, rackham wrote:
>>
>>> Rikishi42;2063286 Wrote:
>>>>
>>>> Maybe you could run a cron job to kill all processes that have been
>>>> running
>>>> for more that 2 jours, if they are owned by regular users…
>>>>
>>>>
>>> Hmm… maybe. I’ll need to think through the consequences of that.
>>
>> Seems that if the process were to take longer than 2 hours in a normal
>> run, it would kill the processes regardless of whether the user was
>> there or not.
>
> Yes, but the premise was that no process would run longer than a
> “reasonable” lapse of time. Running over night, for instance. Or running
> all day.
>
> It’s not a perfect way of doing thing, but imagine a student is allowed
> a mac of 2 hours at a machine, before making it available fo someone
> else again. That max working time can be used, I think.

With that setup, that might work, yes.

Jim


Jim Henderson
openSUSE Forums Moderator