Security

Linux Network Access per User

Submitted by
Anonymous Coward
Anonymous Coward writes: "I'd like to offer shell access to my users, but have been surprised at the lack of restrictions that I can place on them. Disk space quotas are trivial. But what about bandwidth quotas? What about allowing listening but not outgoing sockets, or perhaps the other way around? Disallowing net access for certain groups? I've found no way to do these things, and the 'ports over 1024' restriction for regular users simply doesn't cut it these days.

I should think that my users could be allowed to run their own server programs if so desired without being allowed to run rampant. It seems that I can either block >1024 incoming at the firewall, or let it be abused.

What would you do?"

  • iptables -A OUTPUT -m owner --uid-owner 500 -m limit --limit 2000/minute -j ACCEPT
    iptables -A OUTPUT -m owner --uid-owner 500 -j DROP

    (untested)
    Sometimes the kernel needs to be recompiled to support packet shaping / CONFIG_NET_SCHED. (I've
    never gotten packet shaping to work because I'm too lazy to recompile a 2.4.XX kernel.)

    Much documentation is already available; check http://lartc.org/ for example.
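
The per-user owner match from the comment above, extended to the cases the submitter asked about (listening but no outgoing connections, a rate limit, no network access). This is an added example, not code from the thread: the `user_egress_rules` function, the `user-<uid>` chain name and the mode names are assumptions made for illustration, and the function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for review;
# pipe the output to `sh` as root to apply. The chain name "user-<uid>" and
# the three mode names are assumptions of this example.
#
# usage: user_egress_rules UID MODE [PACKETS_PER_MINUTE]
#   listen-only  replies on connections opened by a remote peer pass;
#                connections the user initiates are refused
#   rate-limit   outbound packets pass up to the given rate, the rest drop
#   none         no outbound packets from this user's sockets at all
user_egress_rules() (
    uid=$1 mode=$2 rate=${3:-2000}
    chain="user-$uid"
    case $uid  in ''|*[!0-9]*) echo "uid must be numeric"  >&2; exit 1 ;; esac
    case $rate in ''|*[!0-9]*) echo "rate must be numeric" >&2; exit 1 ;; esac
    case $mode in
        listen-only)
            rules="-m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
-j REJECT" ;;
        rate-limit)
            # the limit match counts packets, not bytes
            rules="-m limit --limit $rate/minute -j RETURN
-j DROP" ;;
        none)
            rules="-j REJECT" ;;
        *)  echo "unknown mode: $mode" >&2; exit 1 ;;
    esac
    echo "iptables -N $chain"
    # owner match is only valid for locally generated packets (OUTPUT/POSTROUTING)
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j $chain"
    printf '%s\n' "$rules" | while IFS= read -r r; do
        echo "iptables -A $chain $r"
    done
)
```

For example, `user_egress_rules 500 listen-only` prints four commands that let UID 500 run a server while refusing connections that user initiates.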
