On Wed, Jun 05, 2019 at 02:34:30PM +0100, Ian Jackson wrote:
> Roberto C. Sánchez writes ("Re: permissions"):
> > On Wed, Jun 05, 2019 at 01:40:49PM +0200, nourdebian2...@tutanota.com wrote:
> > > Hi
> > > We thank you very much for your efforts and great achievements.
> > > I have a problem I want to solve.
> > > I have created another group and want to prevent it from connecting to the
> > > whole machine except for one program either through the firewall or
> > > through the permissions.
> > >
> > > I tried using chmod and removed the execute from the others but the result
> > > was as if I removed the execution from the user who is me.
> > > What is the solution ?
> > > Is there a firewall solution at the software level? what is it ?
> > > Is there a solution using permissions?
> > > Thank you
> >
> > To do what you describe requires a mandatory access control system
> > (SELinux and AppArmor are two popular choices).
>
> I don't think this is correct. For traffic originating with local
> processes, iptables rules can select on uid and gid.

I interpreted "connecting to the whole machine" as including users
logged in locally.

> But this
> question belongs on -user.
>

It certainly does. My apologies for not redirecting appropriately. It
seems that I have -user and -project mail going into the same folder and
I failed to take note of it previously.

Regards,

-Roberto

--
Roberto C. Sánchez