How to set up network permissions for user accounts. Restrict network access.
I don't know much about groups and permissions and I am clueless about how to restrict access to the network for one user account.
I was searching around the tree for something like eth0 and tried to deny permissions for the user account, but I found no such device file.
I've never dealt with network permissions before and unfortunately don't know much about networking on Linux machines.
Walk me through it if you can. I need to completely DENY network access to one user account.
I've never been on a Vector box, but I would assume it's similar to the other distros. You could probably restrict access using either your firewall, or Samba if you're running that.
There's a few ways depending on how certain it must be:
- use an iptables module like "owner" and deny by UID/GID,
- run account in a chroot and don't supply tools and shell that has network capabilities,
- use the GRSecurity kernel patch,
- SELinux custom rules.
My preference would be to use the GRSecurity kernel patch because it "just works" and has easily manageable controls to deny any UID access to client, server or both types of sockets.
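The first option in the list above (the iptables "owner" match, denying by UID), as an added example that is not part of the original thread. The function names `resolve_uid` and `deny_net_rules`, the `--apply` switch and the choice of the REJECT target are assumptions of this sketch; by default it only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread). Prints, or with --apply runs, rules that
# reject all outbound traffic from one account via the iptables "owner" match.
# "owner" matches only locally generated packets, so the rule goes in OUTPUT.
# It keys on the credentials of the process that created the socket, so traffic
# from a setuid-root helper the user launches is not matched.

# resolve_uid NAME|UID -> prints the numeric UID, non-zero status on failure
resolve_uid() {
    case $1 in
        '') return 2 ;;
        *[!0-9]*) id -u "$1" 2>/dev/null || return 2 ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# deny_net_rules NAME|UID -> prints one rule command per address family
deny_net_rules() {
    uid=$(resolve_uid "$1") || { echo "unknown account: $1" >&2; return 2; }
    if [ "$uid" -eq 0 ]; then
        echo "refusing to cut off root (UID 0)" >&2
        return 3
    fi
    # -I OUTPUT 1 places the rule ahead of any existing ACCEPT rules.
    # IPv6 gets its own rule; an IPv4-only block leaves IPv6 open.
    for ipt in iptables ip6tables; do
        printf '%s -I OUTPUT 1 -m owner --uid-owner %s -j REJECT\n' "$ipt" "$uid"
    done
}

# Usage: script ACCOUNT          (dry run, prints the commands)
#        script --apply ACCOUNT  (runs them; needs root)
if [ "${1:-}" = "--apply" ]; then
    rules=$(deny_net_rules "${2:-}") || exit $?
    printf '%s\n' "$rules" | while read -r line; do $line || exit 1; done
elif [ $# -gt 0 ]; then
    deny_net_rules "$1"
fi
```

After applying, `iptables -S OUTPUT` and `ip6tables -S OUTPUT` list the inserted rules; they do not survive a reboot unless saved with the distribution's own mechanism.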
Is there any way to set permissions on a device file or something like that? I could not find the device file for eth0 anywhere in the tree... I mean it's Linux, this thing should have like groups and permissions to use each service...
which brings me to the next question:
Can I chmod the network service? If so what files do I need to set the permissions to?