LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-29-2004, 11:36 AM   #1
mfo6463
Member
 
Registered: Mar 2004
Posts: 88

Rep: Reputation: 15
Two questions


I have two questions.

1. What is the best firewall for Fedora Core 1?

2. I want to make a user acount that the user can only do small things like use the internet. Is that possible? If so, how?

Last edited by mfo6463; 03-29-2004 at 11:38 AM.
 
Old 03-29-2004, 11:50 AM   #2
Poprocks
Member
 
Registered: Sep 2003
Location: Toronto, Canada
Distribution: Slackware
Posts: 243

Rep: Reputation: 55
1) I believe Fedora Core has a built-in firewall (which is probably like a frontend to IPtables or something) which is probably good enough for most needs. If you want a highly-tuned or completely customized one, you may want to look into running IPtables from a command-line interface.

2) If you make a regular user account (one that cannot become root without a proper password) then that should be good for your needs. A regular user gets his/her own directory located at /home/username, and he/she usually only has access to that directory (though they may evidently create as many subdirectories as they wish) unless you explicitly change that situation (by chmodding certain folders to less restrictive permission settings-- you should generally NOT do that) -- otherwise that person will not be able to access most system files without a password, and hence will not be able to install software, except to local folders, and even then, they won't have access to the RPM database making it a real hassle to do so.

I believe you can create a user in Fedora by using 'redhat-config-users' which can probably be accessed from your menu (otherwise type 'redhat-config-users' in a terminal).

Hope that helps.
 
Old 03-29-2004, 11:58 AM   #3
mfo6463
Member
 
Registered: Mar 2004
Posts: 88

Original Poster
Rep: Reputation: 15
Is there a way I can make it so to download something, the user has to enter a password. The problem I'm having is that I need to make another acount, but everybody that goes on it downloads games and stuff without my permission.
 
Old 03-29-2004, 06:19 PM   #4
mfo6463
Member
 
Registered: Mar 2004
Posts: 88

Original Poster
Rep: Reputation: 15
Anybody know?
 
Old 03-29-2004, 07:31 PM   #5
mfo6463
Member
 
Registered: Mar 2004
Posts: 88

Original Poster
Rep: Reputation: 15
Someone's gotta know.
 
Old 03-29-2004, 11:03 PM   #6
metagore
Member
 
Registered: Sep 2003
Location: Austin TX
Distribution: Slackware 9.1
Posts: 56

Rep: Reputation: 15
No. There's no user authentication in iptables. (that I'm aware of)

Sounds to me like you want to set up a proxy.

Thanks,

Mike
Howto.cc

Last edited by metagore; 03-29-2004 at 11:08 PM.
 
Old 03-29-2004, 11:09 PM   #7
mfo6463
Member
 
Registered: Mar 2004
Posts: 88

Original Poster
Rep: Reputation: 15
ok, I'll try to explain better.

I own this computer. My brother wants to use it. Every time he uses it, a whole bunch of programs, games, etc. get dowloaded onto my computer. I don't really want to kick him off and not let him on because of that (though I will if I have no other choice). So, I need a way that he can go on, but he can't do anything that will harm the system without a password that I make.

How can I do that?
 
Old 03-29-2004, 11:29 PM   #8
metagore
Member
 
Registered: Sep 2003
Location: Austin TX
Distribution: Slackware 9.1
Posts: 56

Rep: Reputation: 15
Have you tried asking him not to download programs and games on to your computer?

If you're dual booting your system, then don't give him a linux login and make him use Windows ...

If you've created a 'user' account for him in Linux, he really can't do much damage to your system.
 
Old 03-29-2004, 11:49 PM   #9
mfo6463
Member
 
Registered: Mar 2004
Posts: 88

Original Poster
Rep: Reputation: 15
Yes, I tried asking him not to, but he didn't listen (he has problems with listening to people...), and I don't want to be mean and not let him use it. I am dual booting, and I have been making him use windows, but he messed up windows so bad, I can't do anything on it. He jammed it up with all sorts of stuff. If I even try to go on the internet, to go to google, I have to type 'g' then wait 10 seconds, then type 'o' then wait more, then type 'o' and wait more, then type 'g' then wait more, and so on............. I don't know what to do..... I don't know how to fix the windows one, and I was planning on just deleting it and having just fedora, but I am afraid he will do the same thing. If I have to, I will just not let him go on at all, unless I'm sitting there watching him. As you can probably already tell, he is not too smart, and not letting him on would probably make him feel bad. He doesnt really have the brain capacity to understand what he is doing, so I want to make an account where he can't do on fedora what he did on windows.

Last edited by mfo6463; 03-29-2004 at 11:50 PM.
 
Old 03-30-2004, 12:13 AM   #10
liamoboyle
Member
 
Registered: Mar 2004
Location: Wellington, New Zealand
Distribution: Debian
Posts: 127

Rep: Reputation: 15
You could firewall everything off, then allow access again when you're on.

iptables -F
iptables -X
iptables -P OUTPUT DROP

This would clear all rules, then tell the kernel to drop all outgoing packets

Or you could disable the network interface when you leave

ifdown eth0

Or you could change the permissions on the web browser executable so he can't run it (assuming he doesn't know how to use command line browsers / ftp programs)

chown root:yourname /usr/local/bin/mozilla
chmod 770 /usr/local/bin/mozilla

These are all dirty hacks though. As it is, he'll be able to waste your bandwidth, but he won't have permissions to damage any serious software or install anything except for himself.
 
Old 03-30-2004, 07:27 AM   #11
mfo6463
Member
 
Registered: Mar 2004
Posts: 88

Original Poster
Rep: Reputation: 15
ok, thanks
 
Old 04-05-2004, 10:50 AM   #12
Poprocks
Member
 
Registered: Sep 2003
Location: Toronto, Canada
Distribution: Slackware
Posts: 243

Rep: Reputation: 55
Simple: don't give him the root password, and give him a regular user account. He won't be able to do squat outside his home directory. And if he begs for it, too bad. Even if he did get it, he probably wouldn't be able to figure out how to load programs onto it anyway. Since you're using Fedora (ugh) most `games' and `junk' that he would want to put on would require dependencies. So... yeah, just don't give him the root password if you're still worried, but generally, a Fedora machine wouldn't be easy for him to mess with.
 
Old 04-05-2004, 04:52 PM   #13
liamoboyle
Member
 
Registered: Mar 2004
Location: Wellington, New Zealand
Distribution: Debian
Posts: 127

Rep: Reputation: 15
He'll still be able to waste your bandwidth though. You could put quota limits on his home directory I guess... but don't ask me how, I've never done it myself. Requires kernel reconfiguration and userland software as well.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
basic questions on hostname and domain name + related postfix questions Moebius Linux - Newbie 7 09-04-2007 12:50 PM
Solaris - Questions! Questions! Questions! qs_tahmeed Solaris / OpenSolaris 2 07-16-2005 06:27 AM
window manager questions and/or theme questions t3gah Linux - Software 2 02-27-2005 05:16 PM
Some questions... CryptDragoon Linux From Scratch 2 02-04-2004 09:28 PM
few questions? pudhiyavan Linux - General 2 10-03-2003 08:35 AM


All times are GMT -5. The time now is 02:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration