How to create an offline user?
Lars
Apprentice

Joined: 06 Feb 2003
Posts: 152
Location: Germany, near baltic sea

Posted: Fri Nov 24, 2017 9:26 am    Post subject: How to create an offline user?

Hi,

is there a way to create a user that has no network access?

This user should:

  • be able to open a browser but should not be able to access the internet.
  • be able to read a pdf with a pdf-reader which is not able to access the network.
  • be able to access all my local files, but not the nfs shares.
  • not be able to get root.
    Quote:
    This is easy, not be in the wheel group



Please, no answers like cap the cable. Everyone should be able to answer the reason for themselves. 8)
_________________
Quote:
Everything that is not simple is either wrong or too complicated.

V.Glazounov
massimo
Veteran

Joined: 22 Jun 2003
Posts: 1207

Posted: Fri Nov 24, 2017 9:38 am    Post subject: Re: How to create an offline user?

I suppose you can implement this by using iptables with -m owner.
_________________
Hello 911? How are you?
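
The `-m owner` approach suggested above, as an added example that is not part of massimo's post: it builds an `iptables-restore` fragment for one account and loads it into both the IPv4 and IPv6 tables. The function names and the sample UID 1500 are hypothetical, and the rules are inserted at the top of `OUTPUT` on the assumption that an existing ruleset may already accept traffic further down.

```shell
#!/bin/sh
# Added example (not from the thread): owner-match rules for one account.
# Function names and the sample UID in the usage line are hypothetical.

# Print an iptables-restore fragment that rejects every packet sent from a
# socket owned by the given account, except over loopback.
# The owner match is only valid in the OUTPUT and POSTROUTING chains.
offline_rules() {
    case $1 in
        '')        echo "usage: offline_rules USER|UID" >&2; return 1 ;;
        *[!0-9]*)  uid=$(id -u "$1" 2>/dev/null) ||
                       { echo "unknown user: $1" >&2; return 1; } ;;
        *)         uid=$1 ;;
    esac
    # Never emit a rule that would cut off root's own traffic.
    [ "$uid" -ne 0 ] || { echo "refusing to block uid 0" >&2; return 1; }
    # -I places the rules ahead of any existing ACCEPT rule in OUTPUT.
    # Drop the loopback line if a local proxy or relay listens on lo.
    cat <<EOF
*filter
-I OUTPUT 1 -o lo -m owner --uid-owner $uid -j ACCEPT
-I OUTPUT 2 -m owner --uid-owner $uid -j REJECT
COMMIT
EOF
}

# Load the fragment for IPv4 and IPv6 (needs root). --noflush keeps the
# existing ruleset; a rule loaded only into iptables leaves IPv6 open.
apply_offline_rules() {
    rules=$(offline_rules "$1") || return 1
    printf '%s\n' "$rules" | iptables-restore --noflush &&
    printf '%s\n' "$rules" | ip6tables-restore --noflush
}

# Usage (as root): apply_offline_rules 1500
```

Owner matching only sees sockets the account itself opens. I/O to an already mounted NFS share is sent by the kernel's NFS client, so that requirement has to be handled with mount and file permissions instead.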
havana8
n00b

Joined: 17 Nov 2017
Posts: 14

Posted: Fri Nov 24, 2017 2:31 pm

I think so, yes
Roman_Gruber
Advocate

Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Fri Nov 24, 2017 3:51 pm

Well, assume it's you and the not so privileged son: I would recommend that you start the network service as user root yourself every time. I did that for quite a long time with pptp over the years. I also used startx for the X server. Same for WiFi. Those network scripts do not even work reliably on a SAMSUNG stock Android tablet, custom ROM Nexus 4 smartphone, notebook and such. So I prefer always to start it by myself anyway.
jonathan183
Apprentice

Joined: 13 Dec 2011
Posts: 271

Posted: Sat Nov 25, 2017 1:11 pm    Post subject: Re: How to create an offline user?

Lars wrote:
Hi,

is there a way to create a user that has no network access?

This user should:

  • be able to open a browser but should not be able to access the internet.
  • be able to read a pdf with a pdf-reader which is not able to access the network.
  • be able to access all my local files, but not the nfs shares.
  • not be able to get root.

iptables will allow you to limit access to the net. I don't use NFS but suspect you need to limit permissions during mounting. I don't think users would get root unless you grant it ... Is this for someone you trust and just want to restrict access, or are you concerned about someone gaining unauthorised access?
nokilli
Apprentice

Joined: 25 Feb 2004
Posts: 170

Posted: Sat Nov 25, 2017 5:05 pm    Post subject: Re: How to create an offline user?

Lars wrote:

  • be able to open a browser but should not be able to access the internet.


I'm pretty sure this is Firefox's ultimate goal. Just give them time.
_________________
Today is the first day of the rest of your Gentoo installation.
Ant P.
Advocate

Joined: 18 Apr 2009
Posts: 4529

Posted: Sat Nov 25, 2017 8:34 pm

You could put the login session for that user in an isolated container; this doesn't even require root to set up:
Code:
~ $ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq state DOWN mode DEFAULT group default qlen 1000
    link/ether 01:23:45:67:89:ab brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
    link/ether 01:23:45:11:23:58 brd ff:ff:ff:ff:ff:ff
~ $ unshare -nr -- ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

_________________
*.ebuild // /etc/service/*
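
A wrapper around the `unshare -nr` call shown above that refuses to start the program unless the new namespace contains only `lo`. This is an added example, not part of Ant P.'s post; `run_offline`, `extra_ifaces` and `NONLO_AWK` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): start a program in a private network
# namespace and refuse to run it if anything besides lo is visible.
# Function and variable names are hypothetical.

# awk program: list interface names in /proc/net/dev format except "lo".
# /proc/net/dev is used because it follows the caller's namespace, while
# /sys/class/net reflects the namespace sysfs was mounted in.
NONLO_AWK='NR > 2 { gsub(/ /, "", $1); if ($1 != "lo") print $1 }'

# Print non-loopback interfaces found in FILE (default: /proc/net/dev).
extra_ifaces() {
    awk -F: "$NONLO_AWK" "${1:-/proc/net/dev}"
}

# run_offline CMD [ARGS...]: unshare as in the post, verify, then exec CMD.
# Exit status 125 means the namespace was not isolated or could not be
# checked; if unshare itself fails, CMD is never started.
run_offline() {
    [ "$#" -gt 0 ] || { echo "usage: run_offline CMD [ARGS...]" >&2; return 2; }
    NONLO_AWK=$NONLO_AWK unshare -nr -- sh -c '
        extra=$(awk -F: "$NONLO_AWK" /proc/net/dev) || exit 125
        [ -z "$extra" ] || { echo "not isolated: $extra" >&2; exit 125; }
        exec "$@"' sh "$@"
}

# Usage: run_offline ip link show
```

The wrapper only protects programs that are launched through it, so for an account that must stay offline it has to sit in the path that starts the login session, as the post suggests.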
All times are GMT