tags:

views:

65

answers:

1
+1  Q: 

blocking access to network services to a user in linux

is it possible to give a user an account on a linux machine while blocking his access to network services (say, don't let him open tcp connections to port 80 on the internet).

I know a firewall can do this, but I would like something in the unix philosohpy (everything is a file). perhaps there is somewhere a file that represents port 80 or something like that?

+7  A: 

No, this specific scenario requires a packet filter (namely iptables) on the local machine, using the --uid-owner or --gid-owner conditions.

Untested:

iptables -t filter -A OUTPUT --uid-owner 100 --dport 80 -j REJECT
Jan Jungnickel  2009-03-09 09:07:35

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?