Hey all! I am admin of a multi-user computer. I'd like to restrict access to internet (or LAN) to only certain trusted accounts. How can I do this. Running Mandrake 10.0 Community w/ 2.6.3 kernel.

Iptables has an owner match that you can use to place restrictions on your users access to the network.

$ /sbin/iptables -m owner -h
...

OWNER match v1.2.8 options:
[!] --uid-owner userid Match local uid
[!] --gid-owner groupid Match local gid
[!] --pid-owner processid Match local pid
[!] --sid-owner sessionid Match local sid
[!] --cmd-owner name Match local command name

Since Mandrake uses shorewall it might be helpful for you to take a look at http://www.shorewall.net/UserSets.html.

Could you post more information about what firewall configuration you are using?

I have no firewall on that particular computer, which sits behind my NAT router, which does have firewalling capabilities. All I want to do is restrict one user account from using the network.

If you have no firewall on that computer to consider then you could easily add a rule to the OUTPUT chain using iptables without interfering with anything. Try something like:

# /sbin/iptables -I OUTPUT -j REJECT -m owner --uid-owner <restricteduser>
# /sbin/service iptables save
# /sbin/chkconfig iptables on

That would prevent <restricteduser> from accessing anything via the network.