Roberto C. Sánchez writes ("Re: permissions"):
> On Wed, Jun 05, 2019 at 01:40:49PM +0200, [email protected] wrote:
> >    Hi
> >    We thank you very much for your efforts and great achievements.
> >    I have a problem I want to solve.
> >    I have created another group and want to prevent it from connecting to the
> >    whole machine except for one program either through the firewall or
> >    through the permissions.
> > 
> >    I tried using chmod and removed the execute from the others but the result
> >    was as if I removed the execution from the user who is me.
> >    What is the solution ?
> >    Is there a firewall solution at the software level? What is it?
> >    Is there a solution using permissions?
> >    Thank you
> 
> To do what you describe requires a mandatory access control system
> (SELinux and AppArmor are two popular choices).

I don't think this is correct.  For traffic originating with local
processes, iptables rules can select on uid and gid.  But this
question belongs on -user.

Ian.

-- 
Ian Jackson <[email protected]>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
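
The uid/gid selection mentioned in the reply above is the iptables `owner` match. The following is an added example, not part of the thread: it generates an `iptables-restore` fragment that confines one group's locally originated traffic to a single TCP destination. The group name `restricted`, the chain name `GROUP_EGRESS`, the address `192.0.2.10` and port 443 are constructed values, and the "allow one destination, reject the rest" policy is an assumption about what the original poster wants.

```shell
#!/bin/sh
# Added example: build an iptables-restore fragment using "-m owner --gid-owner".
# The owner match only works for locally generated packets (OUTPUT/POSTROUTING)
# and compares the group of the process that created the socket, not its
# supplementary group memberships.

# gen_group_egress_rules GROUP ALLOW_DEST ALLOW_PORT
gen_group_egress_rules() {
    group=$1; dest=$2; port=$3

    # Refuse anything that could smuggle extra rule syntax into the fragment.
    case $group in ''|*[!A-Za-z0-9_-]*) echo "bad group: $group" >&2; return 1;; esac
    case $dest in ''|*[!0-9./]*) echo "bad destination: $dest" >&2; return 1;; esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }

    cat <<EOF
*filter
:GROUP_EGRESS - [0:0]
-A OUTPUT -m owner --gid-owner $group -j GROUP_EGRESS
-A GROUP_EGRESS -o lo -j RETURN
-A GROUP_EGRESS -p tcp -d $dest --dport $port -j RETURN
-A GROUP_EGRESS -j REJECT
COMMIT
EOF
}

# Constructed sample invocation; prints the fragment without touching the firewall.
gen_group_egress_rules restricted 192.0.2.10 443
```

Review the output, then load it as root with `iptables-restore --noflush` so existing rules in the filter table are kept. IPv6 traffic needs an equivalent ip6tables ruleset.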
