Question:
How can I disable the network for a user on Ubuntu 14.04/16.04?
(The user is not an administrator.)
Answer:
The command to disable the Internet was found on askubuntu:
sudo iptables -A OUTPUT -p all -m owner --uid-owner <user-name> -j DROP
This command drops all outgoing packets generated by processes running as that user.
Now we need to make this change permanent. The askubuntu answer suggests creating a script in the /etc/network/if-up.d/ directory that calls the command above:
cd /etc/network/if-up.d/
gksudo gedit block_user
sudo chmod +x block_user
For some reason it didn't work for me :( After rebooting, sudo iptables -L showed the table without mentioning this user.
Another way was found on ubuntu.ru. In addition to placing the script in /etc/network/if-up.d/, they suggest calling the script from /etc/network/interfaces:
gksudo gedit /etc/network/interfaces
and add this as the last line:
post-up /etc/network/if-up.d/block_user
Check after reboot:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere owner UID match <user-name>
It works now.
UPD: Since gksudo is no longer recommended and is about to be deprecated, editing can be done like so (better to open another terminal for this):
sudo -i
Enter your password and then work as root. This command also changes the working directory to /root. Then:
root:~# cd /etc/network/if-up.d/
root:~# gedit block_user &
root:~# chmod +x block_user
root:~# gedit /etc/network/interfaces
root:~# exit
Note that if you close the root terminal or run exit, gedit will close, so do this only after editing is complete.
Source: askubuntu.
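The answer never shows what goes inside block_user. The following is an added example, not taken from the original answer or the sources it links: the script checks for the rule with iptables -C before appending, because hook scripts run on every interface-up and a bare -A would stack duplicate rules. The account name exampleuser, the function name ensure_block and the IPTABLES override variable are assumptions made for illustration.

```shell
#!/bin/sh
# /etc/network/if-up.d/block_user (added example; names below are placeholders)
BLOCK_USER="${BLOCK_USER:-exampleuser}"   # assumption: replace with the real account
IPTABLES="${IPTABLES:-iptables}"          # overridable so the logic can be dry-run

# Add the owner-match DROP rule only when an identical rule is not yet present.
ensure_block() {
    user="$1"
    # Resolve the name first: an unknown account would make iptables fail,
    # and the user would silently stay unblocked.
    uid=$(id -u "$user" 2>/dev/null) || {
        echo "block_user: unknown user: $user" >&2
        return 2
    }
    # -C exits 0 if a rule with exactly this specification already exists.
    if "$IPTABLES" -C OUTPUT -p all -m owner --uid-owner "$uid" -j DROP 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -A OUTPUT -p all -m owner --uid-owner "$uid" -j DROP
}

# ifupdown exports IFACE to its hook scripts and post-up commands;
# outside of ifupdown (IFACE unset) the script changes nothing.
if [ -n "${IFACE:-}" ]; then
    ensure_block "$BLOCK_USER"
fi
```

iptables covers IPv4 only; on a host with IPv6 connectivity the same rule has to be added with ip6tables as well.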