Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
02-04-2007, 04:07 PM
|
#1
|
|
Member
Registered: Feb 2007
Distribution: Vector
Posts: 318
Rep:
|
How to set up network permissions for user accounts. Restrict network access.
I don't know much about groups and permissions and I am clueless about how to restrict access to the network for one user account.
I was searching around the tree for something like eth0 and tried to deny permissions for the user account, but I found no such device file.
I've never dealt with network permissions before and unfortunately don't know much about networking on Linux machines.
Walk me through it if you can. I need to completely DENY network access to one user account.
|
|
|
|
02-04-2007, 05:03 PM
|
#2
|
|
Member
Registered: Aug 2006
Location: Texas
Distribution: FC6
Posts: 60
Rep:
|
I've never been on a Vector box but I would assume it's similar to the other distros. You could probably restrict access using either your firewall, or Samba if you're running that.
|
|
|
|
02-04-2007, 05:10 PM
|
#3
|
|
Member
Registered: Feb 2007
Distribution: Vector
Posts: 318
Original Poster
Rep:
|
To clarify, I need to restrict a LOCAL user, on this machine. I need to restrict OUTGOING traffic/access.
Thanks anyway.
|
|
|
|
02-04-2007, 05:31 PM
|
#4
|
|
Moderator
Registered: May 2001
Posts: 24,970
|
There's a few ways depending on how certain it must be:
- use an iptables module like "owner" and deny by UID/GID,
- run the account in a chroot and don't supply tools and a shell that have network capabilities,
- use the GRSecurity kernel patch,
- SELinux custom rules.
My preference would be to use the GRSecurity kernel patch because it "just works" and has easily manageable controls to deny any UID access to client, server or both types of sockets.
|
|
|
|
02-04-2007, 06:32 PM
|
#5
|
|
Member
Registered: Feb 2007
Distribution: Vector
Posts: 318
Original Poster
Rep:
|
Is there any way to set permissions to a device file or something like that? I could not find the device file for eth0 anywhere in the tree... I mean it's Linux, this thing should have like groups and permissions to use each service...
Which brings me to the next question:
Can I chmod the network service? If so, what files do I need to set the permissions to?
|
|
|
|
02-04-2007, 07:12 PM
|
#6
|
|
Moderator
Registered: May 2001
Posts: 24,970
|
Is there any way to set permissions to a device file or something like that?
It doesn't work that way.
I could not find the device file for eth0 anywhere in the tree...
Me neither. Maybe wrong tree. Maybe try Sherwood Forest.
I mean it's Linux, this thing should have like groups and permissions to use each service...
No, it doesn't work that way, really.
Can I chmod the network service?
Rrrhhaaahhhh! It doesn't work that way!
|
|
|
|
02-04-2007, 07:25 PM
|
#7
|
|
Member
Registered: Feb 2007
Distribution: Vector
Posts: 318
Original Poster
Rep:
|
Quote:
|
Originally Posted by unSpawn
Is there any way to set permissions to a device file or something like that?
It doesn't work that way.
I could not find the device file for eth0 anywhere in the tree...
Me neither. Maybe wrong tree. Maybe try Sherwood Forest.
I mean it's Linux, this thing should have like groups and permissions to use each service...
No, it doesn't work that way, really.
Can I chmod the network service?
Rrrhhaaahhhh! It doesn't work that way!
|
Hey-hey, stop bashing me. Anyway, I solved it with one line:
iptables -A OUTPUT -m owner --uid-owner 666 -j DROP
Took a bit of man pages (no, not MAXIM or PlayBoy)... I was confused with its usage...
Anyway, that's the solution.
|
|
|
|
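The owner-match rule from post #7, as an added example that is not part of any post in this thread: it resolves an account name to its UID, covers IPv6 as well as IPv4, inserts the rule at the top of OUTPUT so an earlier ACCEPT cannot override it, and skips the insert when the rule is already loaded. The function names and the DRY_RUN variable are hypothetical; the account name is passed as the first argument.

```shell
#!/bin/sh
# Added example: block all locally generated outbound traffic for one account
# using the iptables "owner" match (valid in the OUTPUT chain).
# DRY_RUN (hypothetical variable) defaults to 1: print commands, change nothing.
DRY_RUN="${DRY_RUN:-1}"

# Run a command, or only print it when in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# block_user_output NAME
# Adds a DROP rule for NAME's UID to the IPv4 and IPv6 OUTPUT chains.
# Returns 1 if the account does not exist.
block_user_output() {
    user="$1"
    uid=$(id -u "$user" 2>/dev/null) || {
        echo "no such user: $user" >&2
        return 1
    }
    # iptables only filters IPv4; without the ip6tables rule the account
    # would still reach any IPv6 destination.
    for ipt in iptables ip6tables; do
        # -C checks whether an identical rule exists, so repeated runs
        # do not stack duplicates.
        if [ "$DRY_RUN" != 1 ] &&
           "$ipt" -C OUTPUT -m owner --uid-owner "$uid" -j DROP 2>/dev/null; then
            continue
        fi
        # -I OUTPUT 1 places the rule first; a rule appended with -A is never
        # reached if an earlier rule in the chain already accepts the packet.
        run "$ipt" -I OUTPUT 1 -m owner --uid-owner "$uid" -j DROP
    done
}

# Stand-alone use: DRY_RUN=0 sh block-user.sh someaccount   (as root)
if [ $# -gt 0 ]; then
    block_user_output "$1"
fi
```

Rules added this way are lost at reboot unless saved with the distribution's own mechanism, and `iptables -L OUTPUT -v -n` shows the packet counters rising when the account tries to connect. The match is on the UID that owns the socket, so a setuid program started by that account is not covered by the rule.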
02-04-2007, 09:10 PM
|
#8
|
|
Member
Registered: Aug 2006
Location: Texas
Distribution: FC6
Posts: 60
Rep:
|
LOL... interesting thread. Anyway, glad you got your firewall restrictions fixed.
unSpawn, show some professionalism :\
Last edited by elmr007; 02-04-2007 at 09:43 PM.
|
|
|
|
All times are GMT -5.