Web lists-archives.com

Re: Running GParted and Synaptic without entering password




On Mon 14 May 2018 at 08:01:05 (-0500), Richard Owlett wrote:

> Only 1 of the four machines within arm's reach are physically
> capable of connecting to the internet. Is there a way to block
> internet access for members of one group - similar to how "dialout"
> might have been used when connectivity was a 56k modem?

AFAIK group dialout gives you access to the serial ports with their
modems, and dip gives you access to ppp's configuration files. These
enable you to configure and instigate connections, but that never
had any effect on users, who can all use the IP link once it's up.

To block a group, I think you'd have to use a packet filter to
drop their outgoing packets. Take a look at
http://ipset.netfilter.org/iptables-extensions.man.html
under the heading "owner".

OTOH it's easy to voluntarily block some browsers from being able
to make non-local connections, eg:   lynx -localhost

Cheers,
David.