July 13, 2007

Lock in productivity with Lockout utility

Author: David A. Harding

You can stop computer-based slacking -- like the compulsive reloading of Digg or Reddit at the expense of productivity -- with a few changes to your computer's DNS profile, and enforce the changes using Lockout, a tool designed to enforce discipline and increase productivity.

Lockout's methods are simple: after configuring your system to prevent slacking, Lockout prevents you from becoming the administrative superuser, root, for a set amount of time. There are only two ways to get root access back: wait until the set amount of time passes and Lockout returns control to you, or reboot the computer. Lockout assumes GNU/Linux users, not accustomed to rebooting, will do something productive while waiting for their systems to unlock.

Written in Perl and licensed under the GNU GPL, Lockout is easy to install, but the procedure varies by distribution. Debian and Ubuntu Universe users can install the lockout package. Fedora users, and users of most other RPM-based distributions, can install the RPM on the Lockout homepage. Users of other distributions can download the tarball (.tgz) package from the Lockout homepage and, as root, unpack it in the root directory. Lockout's only requirements are cron and Perl, which are installed by default on almost all distributions.

A misconfiguration could cause Lockout to fail to unlock your system, leaving you without root access. To ensure Lockout unlocks your system correctly the first time you run it, open a terminal emulator, become the superuser (use su or sudo su), and minimize the terminal for emergency use. Then, in another terminal window, run Lockout (as root) with the following command: lockout lock 1m. Lockout will examine its environment, ensure it is correctly installed, and then lock your system for one minute.

The perilous part of the first Lockout run is the first unlock. Any user can run the command lockout status to discover whether the system is locked and to see the amount of time remaining until it is automatically unlocked. If, after that much time passes, lockout status prints the following error, lockout has failed to unlock the system:

Your system should have been unlocked by now. Is cron running? If not, you might have a problem. Try rebooting your machine first. If that doesn't restore the root password, try booting in single user mode to change the password. Good luck.

If this happens, use the minimized emergency terminal emulator logged in as root to restore superuser access with the following command: lockout unlock force. You should then find out why the Lockout unlock cron job, installed into /etc/cron.d/lockout, didn't run.

Assuming your system unlocked as expected -- that is, you didn't receive the error message above -- you can begin making changes to your DNS profile; later we'll automate the changes. The following lines, added to /etc/hosts, will prevent your Web browser from displaying the Digg and Reddit main pages.       digg.com       reddit.com

Note: Mozilla Firefox and derivative browsers cache DNS information for one minute. So, if you load one of the blocked sites immediately before making the changes above, you'll have to wait one minute until it is blocked. The cache can be eliminated, but this may cause all Web sites to load slower.

We use the network address, a rarely used synonym for the loopback device, so that we can easily enable and disable the DNS changes from Lockout with the sed command. Place the first uncommented line below, starting with the command sed, in the file /etc/lockout/lock.sh; this script is run when the system is locked. Place the second uncommented line in /etc/lockout/unlock.sh; this script is run when the system is unlocked.

#### Add to /etc/lockout/lock.sh ####
# Removes the leading comment from lines starting with # in /etc/hosts
sed -ie '/^#0\.0\.0\.0/s/#//' /etc/hosts

#### Add to /etc/lockout/unlock.sh ####
# Restores the leading comment to lines starting with in /etc/hosts
sed -ie '/^0\.0\.0\.0/s/^/#/' /etc/hosts

Now, when activated with the command lockout lock 1m, Lockout will block Digg and Reddit and unblock them one minute later when the system automatically unlocks.

If you use the sudo authentication method, or any other method that permits root access without typing the root password, you need to disable it while the system is locked or Lockout will be ineffective. Since sudo depends on reading the file /etc/sudoers, the easiest way to disable sudo is to make that file temporarily unreadable. The following two uncommented lines, each added to the appropriate file, will change the read permissions appropriately.

#### Add to /etc/lockout/lock.sh ####
# Removes user and group read permissions from /etc/sudoers
chmod ug-r /etc/sudoers

#### Add to /etc/lockout/unlock.sh ####
# Restores user and group read permissions from /etc/sudoers
chmod ug+r /etc/sudoers

Once you have the preliminaries out of the way, using Lockout is easy. It accepts most reasonable time specifications; all of the following commands are valid:

lockout lock 30m # no slacking for 30 minutes
lockout lock 1h # no slacking for 1 hour
lockout lock 12:00 # no slacking until noon
lockout lock 8pm # no slacking until 8 p.m.

You can monitor Lockout status by opening a small terminal window, placing it in an unused part of your desktop, and running the following command: watch -n 10 lockout status.

Disabling or restricting other services is as simple as adding command lines to lock.sh and unlock.sh. For example, Lockout includes a sample firewall script, described in the lockout(1) manual page, that will block most of the Internet. A careful analysis of your computer-based slacking habits will guide you in best configuring Lockout.


  • Tools & Utilities
Click Here!