
Submission: Linux Network Access per User

Anonymous Coward writes: "I'd like to offer shell access to my users, but have been surprised at the lack of restrictions that I can place on them. Disk space quotas are trivial. But what about bandwidth quotas? What about allowing listening but not outgoing sockets, or perhaps the other way around? Disallowing net access for certain groups? I've found no way to do these things, and the 'ports over 1024' restriction for regular users simply doesn't cut it these days.

I should think that my users could be allowed to run their own server programs if so desired without being allowed to run rampant. It seems that I can either block >1024 incoming at the firewall, or let it be abused.

What would you do?"
  • iptables -A OUTPUT -m owner --uid-owner 500 -m limit --limit 2000/minute -j ACCEPT
    iptables -A OUTPUT -m owner --uid-owner 500 -j DROP

    Sometimes the kernel needs to be recompiled to support packet shaping / CONFIG_NET_SCHED. (I've
    never gotten packet shaping to work because I'm too lazy to recompile a 2.4.XX kernel.)

    Much documentation is already available; check http://lartc.org/ for example.
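
Added example, not part of the original submission or comment: a POSIX shell generator that turns a per-user policy list into `iptables-restore` rules for the three restrictions the submitter asks about (packet-rate limit, listening but no outgoing connections, no network access). The function names, the mode names and UIDs 1001/1002 are assumptions made for this example.

```sh
#!/bin/sh
# Added example. UIDs 1001/1002 are constructed; 500 and 2000/minute are the
# values from the comment. The owner match only sees locally generated packets
# that have a socket, so these rules can only live on the egress (OUTPUT) path.

# user_rules UID MODE [RATE] -> rule lines in iptables-restore syntax
#   rate        : ACCEPT up to RATE packets (packets, not bytes), DROP the rest
#   listen-only : allow replies on established flows, reject new outbound ones
#   none        : reject all egress for this user (loopback included)
user_rules() {
    uid=$1 mode=$2 rate=${3:-}
    # Numeric UID only: keeps shell/iptables metacharacters out of the ruleset.
    case $uid in ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;; esac
    m="-A OUTPUT -m owner --uid-owner $uid"
    case $mode in
    rate)
        n=${rate%%/*} unit=${rate#*/}
        case $n in ''|*[!0-9]*) echo "bad rate: $rate" >&2; return 1 ;; esac
        case $unit in second|minute|hour|day) ;;
            *) echo "bad rate: $rate" >&2; return 1 ;; esac
        echo "$m -m limit --limit $rate -j ACCEPT"
        echo "$m -j DROP" ;;
    listen-only)
        echo "$m -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
        echo "$m -j REJECT" ;;
    none)
        echo "$m -j REJECT" ;;
    *)  echo "bad mode: $mode" >&2; return 1 ;;
    esac
}

# build_ruleset: read "UID MODE [RATE]" lines on stdin, emit a *filter block.
build_ruleset() {
    echo '*filter'
    while read -r uid mode rate; do
        user_rules "$uid" "$mode" "$rate" || return 1
    done
    echo 'COMMIT'
}

# Constructed sample policy; review the output before loading it.
build_ruleset <<'EOF'
500 rate 2000/minute
1001 listen-only
1002 none
EOF
```

The output can be loaded as root with `iptables-restore --noflush` once reviewed. The `limit` match counts packets, so byte-based bandwidth quotas still need the traffic shaping covered at lartc.org.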
