Vinayak Naik wrote:
> Hi,
>
> I would like to set up access control for a Linux machine, let us say Red
> Hat 9. I would like to block all the users, except root, from accessing
> network. I looked at the /etc/hosts.deny file, but it allows machine level
> control and not user level. Any solution would be helpful.
>
> Thanks,
>
> - Vinayak
"I would like to block all the users, except root, from accessing network."

This statement does not make sense. Users, per se, do not access a network
- another machine accesses the network. So it is not *user based* controls
you can implement at a pure network level. You would likely need to
implement a proxy in order to do this (see squid).

However, you can block someone from using a *service* at the user level (i.e.:
apache, ssh, ftp).

Are you trying to block remote ssh login? If login control:

    man sshd_config

look at AllowUsers and AllowGroups.

You should also have a specific user that can log in then su - over to root
or use sudo for commands.
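
How the AllowUsers and AllowGroups lists mentioned in the reply combine in sshd, as an added example that is not part of the original thread: a small checker that reads the four allow/deny lists from sshd_config text and decides whether an account passes them. The account and group names are placeholders, and the sketch assumes whitespace-separated directives, plain `*`/`?` patterns, no `USER@HOST` forms and no `Match` blocks.

```python
import fnmatch

# Constructed sshd_config excerpt; "admin", "backup*" and "wheel" are placeholders.
SAMPLE_CONFIG = """\
# only these accounts may log in over ssh
AllowUsers admin backup*
AllowGroups wheel
"""

KEYS = ("denyusers", "allowusers", "denygroups", "allowgroups")


def parse_access_lists(text):
    """Collect the user/group access lists; repeated directives accumulate."""
    lists = {k: [] for k in KEYS}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        key = parts[0].lower()                 # keywords are case-insensitive
        if key == "match":                     # conditional blocks are out of scope here
            break
        if key in lists:
            lists[key].extend(parts[1:])
    return lists


def _matches(name, patterns):
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)


def may_login(user, groups, lists):
    """Apply the lists in sshd's order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.

    Every list that is set must be satisfied, so an account named in
    AllowUsers is still refused when it is in none of the AllowGroups groups.
    """
    if _matches(user, lists["denyusers"]):
        return False
    if lists["allowusers"] and not _matches(user, lists["allowusers"]):
        return False
    if any(_matches(g, lists["denygroups"]) for g in groups):
        return False
    if lists["allowgroups"] and not any(_matches(g, lists["allowgroups"]) for g in groups):
        return False
    return True
```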