LinuxQuestions.org
Old 02-04-2007, 04:07 PM   #1
r00tb33r
Member
 
Registered: Feb 2007
Distribution: Vector
Posts: 318

Rep: Reputation: 31
How to set up network permissions for user accounts. Restrict network access.


I don't know much about groups and permissions and I am clueless how to restrict access to the network for one user account.
I was searching around the tree for something like eth0 to try to deny permissions for the user account, but I found no such device file.
I've never dealt with network permissions before and unfortunately don't know much about networking on Linux machines.
Walk me through it if you can. I need to completely DENY network access to one user account.
 
Old 02-04-2007, 05:03 PM   #2
elmr007
Member
 
Registered: Aug 2006
Location: Texas
Distribution: FC6
Posts: 60

Rep: Reputation: 15
I've never been on a Vector box but I would assume it's similar to the other distros. You could probably restrict access using either your firewall, or Samba if you're running that.
 
Old 02-04-2007, 05:10 PM   #3
r00tb33r
Member
 
Registered: Feb 2007
Distribution: Vector
Posts: 318

Original Poster
Rep: Reputation: 31
To clarify, I need to restrict a LOCAL user, on this machine. I need to restrict OUTGOING traffic/access.
Thanks anyway.
 
Old 02-04-2007, 05:31 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
There are a few ways depending on how certain it must be:
- use an iptables module like "owner" and deny by UID/GID,
- run the account in a chroot and don't supply tools and a shell that have network capabilities,
- use the GRSecurity kernel patch,
- SELinux custom rules.
My preference would be to use the GRSecurity kernel patch because it "just works" and has easily manageable controls to deny any UID access to client, server or both types of sockets.
 
Old 02-04-2007, 06:32 PM   #5
r00tb33r
Member
 
Registered: Feb 2007
Distribution: Vector
Posts: 318

Original Poster
Rep: Reputation: 31
Is there any way to set permissions to a device file or something like that? I could not find the device file for eth0 anywhere in the tree... I mean it's Linux, this thing should have like groups and permissions to use each service...
which brings me to the next question:
Can I chmod the network service? If so what files do I need to set the permissions to?
 
Old 02-04-2007, 07:12 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Is there any way to set permissions to a device file or something like that?

It doesn't work that way.

Quote:
I could not find the device file for eth0 anywhere in the tree...

Me neither. Maybe wrong tree. Maybe try Sherwood Forest.

Quote:
I mean it's Linux, this thing should have like groups and permissions to use each service...

No, it doesn't work that way, really.

Quote:
Can I chmod the network service?

Rrrhhaaahhhh! It doesn't work that way!
 
Old 02-04-2007, 07:25 PM   #7
r00tb33r
Member
 
Registered: Feb 2007
Distribution: Vector
Posts: 318

Original Poster
Rep: Reputation: 31
Quote:
Originally Posted by unSpawn
Is there any way to set permissions to a device file or something like that?
It doesn't work that way.


I could not find the device file for eth0 anywhere in the tree...
Me neither. Maybe wrong tree. Maybe try Sherwood Forest.


I mean it's Linux, this thing should have like groups and permissions to use each service...
No, it doesn't work that way, really.


Can I chmod the network service?
Rrrhhaaahhhh! It doesn't work that way!

Hey-hey, stop bashing me. Anyway I solved it with one line:

iptables -A OUTPUT -m owner --uid-owner 666 -j DROP

Took a bit of man pages (no, not MAXIM or PlayBoy)... I was confused with its usage...
Anyway that's the solution.
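
The one-line fix from post #7, expanded into an added example (not written by any poster in this thread): it resolves the account name to its UID, repeats the rule with ip6tables because the single iptables line only filters IPv4, and skips rules that already exist. The function names and the DRY_RUN variable are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: deny all outgoing traffic from one local account with the
# iptables "owner" match, for IPv4 and IPv6, without creating duplicate rules.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 applies them (needs root).
DRY_RUN="${DRY_RUN:-1}"

# Print the rule specification for a login name, resolved to its numeric UID.
# Fails when the account does not exist, so a typo never produces a rule.
rule_spec() {
    local uid
    uid="$(id -u "$1" 2>/dev/null)" || { echo "no such user: $1" >&2; return 1; }
    echo "OUTPUT -m owner --uid-owner ${uid} -j DROP"
}

# Emit (or run) the commands for both address families. Without the ip6tables
# rule the account would keep its IPv6 connectivity.
deny_user_network() {
    local spec tool
    spec="$(rule_spec "$1")" || return 1
    for tool in iptables ip6tables; do
        if [ "$DRY_RUN" = "1" ]; then
            echo "$tool -C $spec || $tool -A $spec"
        else
            # -C tests whether the rule is already present; append only if not.
            # $spec is left unquoted on purpose so it splits into arguments.
            $tool -C $spec 2>/dev/null || $tool -A $spec || return 1
        fi
    done
}

# Show the rule with its packet/byte counters (-v adds "-c pkts bytes"),
# to confirm that traffic from the account is actually being dropped.
show_user_rule() {
    local uid
    uid="$(id -u "$1")" || return 1
    iptables -v -S OUTPUT | grep -- "--uid-owner ${uid} "
}

# When called with a login name as argument, act on that account.
if [ -n "${1:-}" ]; then
    deny_user_network "$1"
fi
```

Rules added this way are not saved across reboots, and because -A appends, an earlier ACCEPT rule in OUTPUT that matches the same packets takes precedence over the DROP.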
 
Old 02-04-2007, 09:10 PM   #8
elmr007
Member
 
Registered: Aug 2006
Location: Texas
Distribution: FC6
Posts: 60

Rep: Reputation: 15
LOL...interesting thread. Anyway, glad you got your firewall restrictions fixed.

unSpawn, show some professionalism :\

Last edited by elmr007; 02-04-2007 at 09:43 PM.
 
  


All times are GMT -5.