LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Two questions (https://www.linuxquestions.org/questions/linux-newbie-8/two-questions-163757/)

mfo6463 03-29-2004 10:36 AM

Two questions
 
I have two questions.

1. What is the best firewall for Fedora Core 1?

2. I want to make a user acount that the user can only do small things like use the internet. Is that possible? If so, how?

Poprocks 03-29-2004 10:50 AM

1) I believe Fedora Core has a built-in firewall (which is probably like a frontend to IPtables or something) which is probably good enough for most needs. If you want a highly-tuned or completely customized one, you may want to look into running IPtables from a command-line interface.

2) If you make a regular user account (one that cannot become root without a proper password) then that should be good for your needs. A regular user gets his/her own directory located at /home/username, and he/she usually only has access to that directory (though they may evidently create as many subdirectories as they wish) unless you explicitly change that situation (by chmodding certain folders to less restrictive permission settings-- you should generally NOT do that) -- otherwise that person will not be able to access most system files without a password, and hence will not be able to install software, except to local folders, and even then, they won't have access to the RPM database making it a real hassle to do so.

I believe you can create a user in Fedora by using 'redhat-config-users' which can probably be accessed from your menu (otherwise type 'redhat-config-users' in a terminal).

Hope that helps.

mfo6463 03-29-2004 10:58 AM

Is there a way I can make it so to download something, the user has to enter a password. The problem I'm having is that I need to make another acount, but everybody that goes on it downloads games and stuff without my permission.

mfo6463 03-29-2004 05:19 PM

Anybody know?

mfo6463 03-29-2004 06:31 PM

Someone's gotta know.

metagore 03-29-2004 10:03 PM

No. There's no user authentication in iptables. (that I'm aware of)

Sounds to me like you want to set up a proxy.

Thanks,

Mike
Howto.cc

mfo6463 03-29-2004 10:09 PM

ok, I'll try to explain better.

I own this computer. My brother wants to use it. Every time he uses it, a whole bunch of programs, games, etc. get dowloaded onto my computer. I don't really want to kick him off and not let him on because of that (though I will if I have no other choice). So, I need a way that he can go on, but he can't do anything that will harm the system without a password that I make.

How can I do that?

metagore 03-29-2004 10:29 PM

Have you tried asking him not to download programs and games on to your computer? :)

If you're dual booting your system, then don't give him a linux login and make him use Windows ...

If you've created a 'user' account for him in Linux, he really can't do much damage to your system.

mfo6463 03-29-2004 10:49 PM

Yes, I tried asking him not to, but he didn't listen (he has problems with listening to people...), and I don't want to be mean and not let him use it. I am dual booting, and I have been making him use windows, but he messed up windows so bad, I can't do anything on it. He jammed it up with all sorts of stuff. If I even try to go on the internet, to go to google, I have to type 'g' then wait 10 seconds, then type 'o' then wait more, then type 'o' and wait more, then type 'g' then wait more, and so on............. I don't know what to do..... I don't know how to fix the windows one, and I was planning on just deleting it and having just fedora, but I am afraid he will do the same thing. If I have to, I will just not let him go on at all, unless I'm sitting there watching him. As you can probably already tell, he is not too smart, and not letting him on would probably make him feel bad. He doesnt really have the brain capacity to understand what he is doing, so I want to make an account where he can't do on fedora what he did on windows.

liamoboyle 03-29-2004 11:13 PM

You could firewall everything off, then allow access again when you're on.

iptables -F
iptables -X
iptables -P OUTPUT DROP

This would clear all rules, then tell the kernel to drop all outgoing packets

Or you could disable the network interface when you leave

ifdown eth0

Or you could change the permissions on the web browser executable so he can't run it (assuming he doesn't know how to use command line browsers / ftp programs)

chown root:yourname /usr/local/bin/mozilla
chmod 770 /usr/local/bin/mozilla

These are all dirty hacks though. As it is, he'll be able to waste your bandwidth, but he won't have permissions to damage any serious software or install anything except for himself.

mfo6463 03-30-2004 06:27 AM

ok, thanks

Poprocks 04-05-2004 09:50 AM

Simple: don't give him the root password, and give him a regular user account. He won't be able to do squat outside his home directory. And if he begs for it, too bad. Even if he did get it, he probably wouldn't be able to figure out how to load programs onto it anyway. Since you're using Fedora (ugh) most `games' and `junk' that he would want to put on would require dependencies. So... yeah, just don't give him the root password if you're still worried, but generally, a Fedora machine wouldn't be easy for him to mess with.

liamoboyle 04-05-2004 03:52 PM

He'll still be able to waste your bandwidth though. You could put quota limits on his home directory I guess... but don't ask me how, I've never done it myself. Requires kernel reconfiguration and userland software as well.


All times are GMT -5. The time now is 09:13 PM.