Security

Linux Network Access per User

Submitted by
Anonymous Coward
Anonymous Coward writes "I'd like to offer shell access to my users, but have been surprised at the lack of restrictions that I can place on them. Disk space quotas are trivial. But what about bandwidth quotas? What about allowing listening but not outgoing sockets, or perhaps the other way around? Disallowing net access for certain groups? I've found no way to do these things, and the 'ports over 1024' restriction for regular users simply doesn't cut it these days.

I should think that my users could be allowed to run their own server programs if so desired without being allowed to run rampant. It seems that I can either block >1024 incoming at the firewall, or let it be abused.

What would you do?"
  • iptables -A OUTPUT -m owner --uid-owner 500 -m limit --limit 2000/minute -j ACCEPT
    iptables -A OUTPUT -m owner --uid-owner 500 -j DROP

    (untested)
    Sometimes the kernel needs to be recompiled to support packet shaping / CONFIG_NET_SCHED. (I've
    never gotten packet shaping to work because I'm too lazy to recompile a 2.4.XX kernel.)

    Much documentation is already available; check http://lartc.org/ for example.
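
An added example, not part of the original comment: a shell sketch that prints owner-match rules for the three restrictions the submitter asks about (listening without outgoing connections, no network access for a group, a per-user packet rate). The function names, UID 500, GID 1001 and the rate are constructed; the output is meant to be reviewed and then run as root.

```shell
#!/bin/sh
# Added example (not from the original thread): print iptables rules that
# restrict network use per local user or group with the owner match.
# The owner match only sees locally generated packets, so every rule goes
# in the filter table's OUTPUT chain. "! -o lo" leaves loopback traffic alone.

# Accept only a plain decimal uid/gid/rate so nothing else reaches the rule text.
is_id() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# listen_only UID: replies on connections opened from outside are allowed,
# but the user cannot initiate connections off the host.
# (Older kernels spell the state test "-m state --state".)
listen_only() {
    is_id "$1" || return 1
    echo "iptables -A OUTPUT -m owner --uid-owner $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT ! -o lo -m owner --uid-owner $1 -j REJECT"
}

# deny_group GID: no off-host traffic for sockets created under this gid.
# Supplementary group membership is not checked by default.
deny_group() {
    is_id "$1" || return 1
    echo "iptables -A OUTPUT ! -o lo -m owner --gid-owner $1 -j REJECT"
}

# rate_limit UID PKTS_PER_MIN: pass packets up to the rate, drop the excess.
# The ACCEPT rule alone limits nothing; the DROP after it does the work.
rate_limit() {
    is_id "$1" && is_id "$2" || return 1
    echo "iptables -A OUTPUT ! -o lo -m owner --uid-owner $1 -m limit --limit $2/minute -j ACCEPT"
    echo "iptables -A OUTPUT ! -o lo -m owner --uid-owner $1 -j DROP"
}

# Constructed sample values: print the rules for inspection.
listen_only 500
deny_group 1001
rate_limit 500 2000
```

The limit match counts packets, not bytes, so this caps packet rate rather than bandwidth; byte-based shaping is what the tc/CONFIG_NET_SCHED route mentioned above provides.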
