LinuxQuestions.org
Old 06-03-2003, 02:52 PM   #1
MikeyCarter
Member
 
Registered: Feb 2003
Location: Orangeville
Distribution: Fedora
Posts: 448

Rep: Reputation: 31
Question Is it possible to restrict network interface by user


This security may be overboard but I thought I'd ask.

Is there a way to restrict network interface by user?

Example: my computer has two network cards in it... I want to restrict eth1 to only root and myself. Where I want eth0 to be accessible by everyone.

Is this possible? Can anyone point me to a HOW-TO document?

 
Old 06-04-2003, 12:50 AM   #2
Robert0380
Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
I think I saw this in a post a while ago using iptables... there may be a uid option... I'll take a look around and if I see something I'll post again.
 
Old 06-04-2003, 01:02 AM   #3
Robert0380
Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
From doing "man iptables" there is the following:

--uid-owner userid


I don't know how to use this... but it's there. It was in the MATCH EXTENSIONS section (-m) but I couldn't get it to work.

Code:

from man iptables
 owner
       This module attempts to match various characteristics of the packet creator, for locally-generated
       packets.   It  is  only  valid  in the OUTPUT chain, and even this some packets (such as ICMP ping
       responses) may have no owner, and hence never match.

       --uid-owner userid
              Matches if the packet was created by a process with the given effective user id.

       --gid-owner groupid
              Matches if the packet was created by a process with the given effective group id.

       --pid-owner processid
              Matches if the packet was created by a process with the given process id.

       --sid-owner sessionid
              Matches if the packet was created by a process in the given session group.

       --cmd-owner name
              Matches if the packet was created by a process with the given command name.   (this  option
              is present only if iptables was compiled under a kernel supporting this feature)



I tried this and it didn't work:

iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT

(to allow all output by root user)... gave me Invalid

Last edited by Robert0380; 06-05-2003 at 07:14 PM.
 
Old 06-05-2003, 07:15 PM   #4
Robert0380
Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
Did you get this to work? If so, what does the rule look like?
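
The thread ends without a working rule. As an added example (not written by any poster in this thread), here is one way to build the rules the first post asks for from the owner match quoted in post #3. The function name restrict_iface_rules and the chain name OUT_<iface> are assumptions made for illustration, and the rules only load on a kernel that provides the owner match.

```shell
#!/bin/sh
# Added example: print iptables commands that let only the named users send
# traffic out of one interface. Nothing is applied here; review the output,
# then pipe it to sh as root.
# restrict_iface_rules and the OUT_<iface> chain name are hypothetical names.

restrict_iface_rules() {
    iface=$1
    if [ $# -lt 2 ]; then
        echo "usage: restrict_iface_rules IFACE USER..." >&2
        return 2
    fi
    shift
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $iface" >&2; return 2 ;;
    esac

    # Resolve every user before printing anything, so a typo in one name
    # cannot produce a partial ruleset.
    uids=
    for user in "$@"; do
        uid=$(id -u "$user" 2>/dev/null) || {
            echo "unknown user: $user" >&2
            return 1
        }
        uids="$uids $uid"
    done

    chain="OUT_$iface"
    echo "iptables -N $chain"
    for uid in $uids; do
        # owner match: effective UID of the process that created the packet
        echo "iptables -A $chain -m owner --uid-owner $uid -j ACCEPT"
    done
    # Everything else leaving this interface is refused. Per the man page,
    # ownerless packets (e.g. ICMP ping responses) never match and land here.
    echo "iptables -A $chain -j REJECT"
    # Hook the chain into OUTPUT last, and only for this interface.
    echo "iptables -A OUTPUT -o $iface -j $chain"
}

# Run as a script, e.g.: sh thisfile eth1 root alice   (alice is a placeholder)
if [ $# -gt 0 ]; then
    restrict_iface_rules "$@"
fi
```

Because the owner match only sees locally generated packets in the OUTPUT chain, these rules control who can send through eth1; they do not filter what arrives on it.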
 
  


All times are GMT -5. The time now is 09:01 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration