Web lists-archives.com

Re: Running GParted and Synaptic without entering password




On 2018-05-15, Richard Owlett <rowlett@xxxxxxxxxxx> wrote:

>> To block a group, I think you'd have to use a packet filter to
>> drop their outgoing packets. Take a look at
>> http://ipset.netfilter.org/iptables-extensions.man.html
>> under the heading "owner".
>
> That gives just enough information to tantalize ;[
> What should I search for to see a sample use.
> My only iptable knowledge is that they exist.
>

Apparently you can create a group:

 sudo groupadd nonetty

Add existing user 'lydia'(and anyone else you'd like) to the group

 sudo usermod -a -G nonetty lydia

Then an iptables rule like this

 iptables -I OUTPUT 1 -m owner --gid-owner nonetty -j DROP

would prevent lydia (and others in the nonetty group) from riding
the innertubes.

I believe. More well-informed minds might pipe up or chime in at
this point, who knows?

(I'm looking at the link above without instantaneous edification, BTW.)