Re: full networking for console user, limited networking for remotely logged in user
From: Joe Beanfish (joebeanfish_at_nospam.duh)
Date: 08/15/03
- Next message: Shashank Khanvilkar: "mgetty configuration for conexant modems on Redhat."
- Previous message: Patch: "Connect-a-thon test and Redhat 8"
- In reply to: /dev/rob0: "Re: full networking for console user, limited networking for remotely logged in user"
- Next in thread: /dev/rob0: "Re: full networking for console user, limited networking for remotely logged in user"
- Reply: /dev/rob0: "Re: full networking for console user, limited networking for remotely logged in user"
Date: Fri, 15 Aug 2003 14:28:56 -0400
/dev/rob0 wrote:
>
> [followup-to set]
> In article <ec37897e.0308140027.f27cdce@posting.google.com>, RJ41 wrote:
> > I need to set up a lab such that the users logged on to console have
> > full access of lan and internet, but users remotely logging (via
> > telnet/ssh) into the lab servers would be allowed only to access lan(
>
> See the iptables "owner" match extension ("man iptables"). If you have a
> fixed list of authorised and unauthorised users, this will be easy:
> simply assign the remote users to a single group, and use -m owner to
> block that GID.
>
> I'm not sure how pid-owner and sid-owner work, but those might make it
> even easier, if they can exclude any process started under sshd or
> telnetd. Perhaps someone else will know?
>
> If users might alternate between console and remote logins, this would
> be more complicated and possibly weak. You could use the shell to set
> the effective GID when logging in. That of course opens up a lot of
> other shell issues.
>
> > I would use RedHat 9.0.
>
> Note that Red Hat by default puts all new user accounts in per-user
> unique groups. You might have to override this default (and change any
> accounts which already exist.)
Users may belong to more than one group.
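
The group-based approach discussed in this thread, as an added example that is not part of the original posts: it prints (does not apply) OUTPUT rules using the owner match and audits which accounts a GID match would cover. The group name, GID 600, LAN range and account data are constructed assumptions.

```shell
#!/bin/sh
# Added illustration; all names and values below are constructed.
RESTRICTED_GROUP=remote      # hypothetical group for telnet/ssh-only users
RESTRICTED_GID=600
LAN_CIDR=192.168.1.0/24

# Constructed /etc/passwd and /etc/group excerpts.
SAMPLE_PASSWD='alice:x:500:500::/home/alice:/bin/bash
bob:x:501:600::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash'
SAMPLE_GROUP='alice:x:500:
carol:x:502:
remote:x:600:carol'

# Print rules: processes running with the GID may reach loopback and the
# LAN; everything else they send is rejected. Run the output as root.
gen_rules() {
    gid=$1; lan=$2
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m owner --gid-owner $gid -d $lan -j ACCEPT"
    echo "iptables -A OUTPUT -m owner --gid-owner $gid -j REJECT"
}

# Accounts whose primary GID (passwd field 4) is the restricted GID.
primary_members() {
    printf '%s\n' "$2" | awk -F: -v gid="$1" '$4 == gid { print $1 }'
}

# Accounts that are only supplementary members of the group. Plain
# --gid-owner matches the GID a process runs with, so these accounts are
# not covered unless the owner match's --suppl-groups option (newer
# iptables/kernels) is added or their primary group is changed.
supplementary_only() {
    gname=$1; gid=$2; passwd=$3; group=$4
    members=$(printf '%s\n' "$group" |
        awk -F: -v g="$gname" '$1 == g { print $4 }' | tr ',' '\n')
    for u in $members; do
        pgid=$(printf '%s\n' "$passwd" |
            awk -F: -v u="$u" '$1 == u { print $4 }')
        [ "$pgid" = "$gid" ] || echo "$u"
    done
}

gen_rules "$RESTRICTED_GID" "$LAN_CIDR"
echo "covered by GID match: $(primary_members "$RESTRICTED_GID" "$SAMPLE_PASSWD")"
echo "supplementary only:   $(supplementary_only "$RESTRICTED_GROUP" \
    "$RESTRICTED_GID" "$SAMPLE_PASSWD" "$SAMPLE_GROUP")"
```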