Re: Running GParted and Synaptic without entering password




On 05/15/2018 07:37 AM, Curt wrote:
On 2018-05-15, Richard Owlett <rowlett@xxxxxxxxxxx> wrote:

To block a group, I think you'd have to use a packet filter to
drop their outgoing packets. Take a look at
http://ipset.netfilter.org/iptables-extensions.man.html
under the heading "owner".

That gives just enough information to tantalize ;[
What should I search for to see a sample use?
My only iptables knowledge is that they exist.


Apparently you can create a group:

  sudo groupadd nonetty

Add existing user 'lydia' (and anyone else you'd like) to the group

  sudo usermod -a -G nonetty lydia

Then an iptables rule like this

  iptables -I OUTPUT 1 -m owner --gid-owner nonetty -j DROP

would prevent lydia (and others in the nonetty group) from riding
the innertubes.

I believe. More well-informed minds might pipe up or chime in at
this point, who knows?

(I'm looking at the link above without instantaneous edification, BTW.)



Thank you.
I'll sit down with the iptables man page to parse your suggested rule.

Since I posted, I have:
1. (re?)discovered that the USB-connected T-Mobile hotspot used
    appears to the system as "ETHERNET - wired connection1".
    The associated screen displays several things to explore which
    may be useful.
2. found
 [https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html]
 Its last example may be useful to deal with gparted.
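
Added example, not part of the original messages: the owner match compares `--gid-owner` against the process's effective (primary) group unless `--suppl-groups` is also given, and `iptables` rules cover IPv4 only. This sketch classifies a user's membership and prints matching rules for both `iptables` and `ip6tables`. The helper names are hypothetical; `nonetty` and `lydia` come from the thread, and `--suppl-groups` is assumed to be available (check `iptables -m owner --help`).

```shell
#!/bin/sh
# Added example: prints (never runs) owner-match DROP rules for a group.
# Usage: sh block-group.sh lydia    # review the output, then run it as root
GROUP=${GROUP:-nonetty}          # group name used in the thread

# membership_kind PRIMARY "ALL GROUPS" TARGET -> primary|supplementary|none
membership_kind() {
    if [ "$1" = "$3" ]; then echo primary; return 0; fi
    for g in $2; do
        if [ "$g" = "$3" ]; then echo supplementary; return 0; fi
    done
    echo none
}

# owner_rule GROUP KIND -> match and target part of the rule.
# A supplementary member is only matched when --suppl-groups is present.
owner_rule() {
    match="-m owner --gid-owner $1"
    if [ "$2" = "supplementary" ]; then match="$match --suppl-groups"; fi
    echo "$match -j DROP"
}

# block_group_cmds GROUP KIND -> one command per address family,
# so the group is not left with working IPv6 egress.
block_group_cmds() {
    for tool in iptables ip6tables; do
        echo "$tool -I OUTPUT 1 $(owner_rule "$1" "$2")"
    done
}

main() {
    user=$1
    primary=$(id -gn "$user") || return 1   # primary group name
    all=$(id -Gn "$user") || return 1       # every group the user is in
    kind=$(membership_kind "$primary" "$all" "$GROUP")
    if [ "$kind" = "none" ]; then
        echo "$user is not in $GROUP; no rule would match" >&2
        return 1
    fi
    block_group_cmds "$GROUP" "$kind"
}

# Only act when a user name is given on the command line.
if [ -n "${1:-}" ]; then main "$1"; fi
```

After inserting the rules, `iptables -L OUTPUT -v -n` shows per-rule packet counters, which confirm whether traffic from the group is actually hitting the DROP rule.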