LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-09-2011, 02:32 PM   #1
JJV
Member
 
Registered: Aug 2003
Location: Canada
Distribution: Mandriva2005/Fedora4/Redhat 9 / mandrake 8/win2000 /win xp / Beos /
Posts: 39

Rep: Reputation: 15
Smile User restriction


Hi all at the office we have some open machines meaning clients of the street have access to them these were all windows now we are making them Ubuntu how could I restrict a user account from seeing the local network. Or access the local network

Thank you
JJV
 
Old 05-09-2011, 02:36 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
nothing to do with networking. Moved to Linux - Newbie.

What do you mean by "seeing the network"? Networking is about cables and network cards and IP addresses, you can't stop a user "seeing" this, as it's below the level of a user account. The machine is on a network, not a user. If you're confusing networking with services that happen to require a network, e.g. windows file sharing, then that it not about networking.
 
Old 05-09-2011, 02:37 PM   #3
SL00b
Member
 
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375

Rep: Reputation: 112Reputation: 112
Don't plug in the ethernet cable.
 
Old 05-09-2011, 02:40 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
Quote:
Originally Posted by SL00b View Post
Don't plug in the ethernet cable.
Hate to say it, but if it's a genuine network issue, I'm with him...
 
Old 05-09-2011, 02:47 PM   #5
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,200

Rep: Reputation: 397Reputation: 397Reputation: 397Reputation: 397
in short, without unplugging the network cable, you can't, however you can remove access to various network programs such as ping, ssh, telnet, ftp, traceroute and ifconfig such that only someone with root access can use them.
 
Old 05-10-2011, 01:41 AM   #6
JJV
Member
 
Registered: Aug 2003
Location: Canada
Distribution: Mandriva2005/Fedora4/Redhat 9 / mandrake 8/win2000 /win xp / Beos /
Posts: 39

Original Poster
Rep: Reputation: 15
Talking User restriction

wow OK maybe I need to explain more 10 computers 5 say workgroup1 and 5 computers workgroup2 all have INTERNET through 1 router if you browse the network in Ubuntu with Nautilus both sets of machines can see and access the different work group's meaning workgroup1 and workgroup2 sins workgroup2 is the staff i would like to configure workgroup1's set off computers so it wont see workgroup2 and wont have access to it. So I kind of don't see it not being network issue. Is that more clear sorry sometimes I think people is smarter than they are and should just know not the case.
 
Old 05-10-2011, 03:46 AM   #7
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,275

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
Do you mean that computers in workgroup1 can browse folders on workgroup2 machines? This would be controlled by the SAMBA server of the workgroup2 machines (if on Linux) or by the shared folder configuration (if workgroup2's machines run Windows). You could edit the SAMBA/folder sharing permissions to require a password to connect to the shares or (better yet) set up a mechanism to only allow connections from other workgroup2 machines. Since you haven't provided a lot of information about how your network is set up (static vs dynamic addressing, whether user accounts are stored locally vs in a central database such as NIS, LDAP, or Active Directory, etc.) it's hard to advise you on the best way to proceed, but hopefully this will help get you started.
 
Old 05-10-2011, 10:05 AM   #8
SL00b
Member
 
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375

Rep: Reputation: 112Reputation: 112
Again, you're doing a very poor job of explaining the situation. I'm going to assume that, since you mentioned Nautilus, the problem is preventing these public computers on the same LAN segment from seeing file shares.

Don't install Samba on those systems.
 
Old 05-10-2011, 12:23 PM   #9
JJV
Member
 
Registered: Aug 2003
Location: Canada
Distribution: Mandriva2005/Fedora4/Redhat 9 / mandrake 8/win2000 /win xp / Beos /
Posts: 39

Original Poster
Rep: Reputation: 15
Talking User restriction

Well thanks for the info I will look it up. And to (SL00b "Again, you're doing a very poor job of explaining the situation.") if you want to get sarcastic like that don't answer questions ask nicely like "Could you explain a little more' or I don't understand this part could you please explain more...... Thank you for your answer by the way I will look at it to.

To all people If you intend to help build up don't brake down. Not everybody is comfortable in asking for help , some people have a certain way of seeing and expressing things that is not always everybody's way. A little manners and tact can go a long way.
Thank you
Live long and prosper.
 
Old 05-10-2011, 01:03 PM   #10
SL00b
Member
 
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375

Rep: Reputation: 112Reputation: 112
There was no sarcasm in my post. I simply pointed out that you were doing a poor job of explaining your problem... because you were doing such a poor job of explaining your problem. If you fail to explain your problem, nobody can help you.

My first response, "Don't plug in the ethernet cable," is a perfectly viable solution to the problem as you described it. My second response, "Don't install Samba," is a perfectly viable solution to the problem as you described it the second time around. I have no idea if that's the answer you're looking for either, because I'm still just guessing at what it is you're really trying to accomplish.

Personally, I find it incredibly bad manners to present a problem to a community of unpaid volunteers that you're being paid to resolve, and expect them to play a game of Twenty Questions because you're not interested in explaining yourself.
 
Old 05-10-2011, 04:52 PM   #11
JJV
Member
 
Registered: Aug 2003
Location: Canada
Distribution: Mandriva2005/Fedora4/Redhat 9 / mandrake 8/win2000 /win xp / Beos /
Posts: 39

Original Poster
Rep: Reputation: 15
Talking User restriction

OK look we can start flinging words back and forth were you say your peace and I say mine . I am not in the mood for that so .......thanks for the ideas. You are Sarcastic I have bad Manners we are even............lol

I can tel all the fix is add a IP table and Drop All Traffic from a Specific IP on the computer you don't want the access. example iptables -I INPUT -s 12.34.56.87 -j DROP. That will remove that computers ability to see that ip on the network or access it
 
Old 05-10-2011, 04:59 PM   #12
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,200

Rep: Reputation: 397Reputation: 397Reputation: 397Reputation: 397
so what i am to understand is that you have a system set up like
Code:
                             router
                               |
                             switch
                               | (192.168.0.0)
                 +----+--+-+-+-+-+---+---+--+----+
                 |    |  | | |   |   |   |  |    |
               wg1-1  2  3 4 5 wg2-1 2   3  4    5
and you want wg1 to only be able to see wg1 computers and likewise wg2 computers to only be able to see wg2 computers?

that would be a matter of a managed switch capable of creating vlans
http://en.wikipedia.org/wiki/Vlan

Code:
                             router
                               |
                            switch 
                     vlan1     |       vlan2
                 (192.168.0.0)/ \   (192.168.1.0)
                 +----+--+-+-+   +---+---+--+----+
                 |    |  | | |   |   |   |  |    |
               wg1-1  2  3 4 5 wg2-1 2   3  4    5
and making sure that the vlans can only talk to the router and not to each other
 
Old 05-10-2011, 05:47 PM   #13
JJV
Member
 
Registered: Aug 2003
Location: Canada
Distribution: Mandriva2005/Fedora4/Redhat 9 / mandrake 8/win2000 /win xp / Beos /
Posts: 39

Original Poster
Rep: Reputation: 15
Talking User restriction

Thank you thank you someone understand lol
Thank you I will look it up a friend told me about the ip rules or dual nic card pc that act like a firewall between router and switch but I am going to look at this thank you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
User Restriction ghandizzle8 Linux - Newbie 1 02-04-2011 08:06 PM
provide restriction to user pankajkarde Linux - Security 2 03-02-2007 05:29 AM
User account restriction br.man Linux - Newbie 2 04-21-2005 11:58 PM
User restriction on SSH RKris Linux - Software 5 06-22-2003 12:38 PM
Squid user restriction andresurzagasti Linux - Networking 1 02-01-2003 09:56 AM


All times are GMT -5. The time now is 03:04 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration