Akshay Lamba wrote: > Welcome amigo. An option is to have squid on the box itself and point > your browser to the IP and port. You can block all or selective access > for that IP then. Or have it authenticate via PAM on the local machine > before giving access. > > Although, I'm sure there's a much easier and cleaner way of getting this > done.
Sure there is.. You can :- - Remove the default route using sudo as part of his .bashrc - ifconfig down the interface - Set an iptables rule to drop all outbound traffic - Deny him access to the web browser The easy way to do it is have 2 logins for the machine. Yours and his. Each user has their own copy of the wireless config. If you know the router password and he does not, he can't authenticate with the wireless router. Easy :) That is probably the best solution (though you don't want to log in to the router from his account *ever* or it will likely leave traces of the credentials in the gconf database. If he really tries hard he might get around most of these suggestions, but then whadda ya gonna do.. Brad -- "Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so." -- Douglas Adams
