Does anyone know of a way to prevent a Linux account from accessing the Internet?
E.g., setting a [per-user] gateway to nil, or setting permissions on some node along the path to eth0? It's acceptable to be crude, to prevent such an account from using any network services whatsoever. I can see how to do it brute-forcefully, by wrapping each focus into such a user's process [window] with a script which invokes "ifdown eth0", and invokes "ifup eth0" on the way back out. But that's ugly; something like a permissions-based approach would be much more Linux-like. (The intention is to quarantine a very-untrusted application, for example a program which runs Flash, or any program which displays PDFs, or any other blobs-downloaded-from-the-'net. Adobe Reader(tm), I'm talking to you.) It all has to do with a talk I should do someday, and which has gotten a fresh kick from Eben Moglen's talk at LinuxCon... Many thanks! -Bill _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/