Old 03-04-2009, 10:18 PM
Luis Maceira
 
Restrict Internet Access and User-Groups Management.

A normal user (adduser "normaluser") belongs automatically to the group
normaluser, and only to this one, but he/she can also automatically connect
to the Internet. How can the system administrator restrict Internet
access to specific users and block all others? With commands like adduser,
addgroup etc. I don't see how.
Does it need PAM, Kerberos etc. or is there a simpler method?





 
Old 03-05-2009, 12:18 AM
"Boyd Stephen Smith Jr."
 
Restrict Internet Access and User-Groups Management.

On Wednesday 04 March 2009 17:18:20 Luis Maceira wrote:
> A normal user (adduser "normaluser") belongs automatically to the group
> normaluser, and only to this one,
> but he/she can also automatically connect
> to the Internet.

Yes, opening sockets on ports > 1024 is allowed to all users.

> How can the system administrator restrict Internet
> access to specific users and block all others?

There's no completely standard way, and anything external to the system can't
really tell what user is responsible for what packets.

> With commands like adduser,
> addgroup etc. I don't see how.
> Does it need PAM, Kerberos etc. or is there a simpler method?

This can be controlled with SELinux and/or AppArmor, I think. Also, there is
an iptables "owner" module that should be of some help. That should allow you
to reject "normal" outgoing connections from anyone not in a group of your
choosing.
--
Boyd Stephen Smith Jr.
bss@iguanasuicide.net
ICQ: 514984 YM/AIM: DaTwinkDaddy
http://iguanasuicide.net/
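
The iptables "owner" approach mentioned in the reply above, as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset rejecting outbound traffic from ordinary accounts unless the process runs under one allowed group. The group name `netusers`, the chain name `USER_EGRESS` and the UID range 1000-59999 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. The owner match only sees locally generated packets, so the
# rules hang off the OUTPUT chain. --gid-owner compares the group the process
# is running as; a supplementary membership only counts on newer iptables
# versions that offer --suppl-groups.

# build_egress_rules GROUP [FIRST_UID] [LAST_UID]
#   GROUP     group allowed to reach the network (hypothetical: netusers)
#   FIRST_UID, LAST_UID  range holding ordinary accounts (assumed 1000-59999),
#             so root and system daemons (DNS cache, NTP, apt) keep working
build_egress_rules() {
    group=$1 first=${2:-1000} last=${3:-59999}

    # Accept only a plain group name or numeric GID, so odd input cannot
    # smuggle extra options into the generated ruleset.
    case $group in
        ''|-*|*[!A-Za-z0-9_-]*) echo "bad group name" >&2; return 1 ;;
    esac
    case $first$last in
        *[!0-9]*) echo "bad uid range" >&2; return 1 ;;
    esac
    [ "$first" -le "$last" ] || { echo "bad uid range" >&2; return 1; }

    # RETURN hands the packet back to OUTPUT, so existing rules still apply.
    cat <<EOF
*filter
:USER_EGRESS - [0:0]
-A OUTPUT -j USER_EGRESS
-A USER_EGRESS -o lo -j RETURN
-A USER_EGRESS -m owner --gid-owner $group -j RETURN
-A USER_EGRESS -m owner --uid-owner $first-$last -j REJECT
COMMIT
EOF
}
```

Review the printed rules, then load them as root with `iptables-restore --noflush`; IPv6 traffic needs the same rules loaded through `ip6tables-restore`.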
 
