How can I disable the network for a user on Ubuntu 14.04/16.04?
(The user is not an administrator.)
The command to disable Internet access was found on askubuntu:
sudo iptables -A OUTPUT -p all -m owner --uid-owner <user-name> -j DROP
This command drops all outgoing packets sent by processes running as that user.
Now we need to make this change permanent. In the answer on askubuntu, they suggest creating a script in the
/etc/network/if-up.d/ directory that calls the command above:
cd /etc/network/if-up.d/
gksudo gedit block_user
sudo chmod +x block_user
For some reason it didn't work for me :( After rebooting,
sudo iptables -L showed the table without mentioning this user.
Another way was found on ubuntu.ru. In addition to placing the script in
/etc/network/if-up.d/, they suggest calling the script from
gksudo gedit /etc/network/interfaces
add the last line
Check after reboot:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             owner UID match <user-name>
It works now.
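
The post does not show the contents of block_user. One possible version follows, as an added example that is not the script from either source: it checks with iptables -C before appending, because if-up.d hooks run once per interface and a plain -A would stack duplicate rules, and it applies the same rule with ip6tables, since the iptables rule covers IPv4 only. The account name "username" and the IPTABLES/IP6TABLES overrides are assumptions made for this example.

```shell
#!/bin/sh
# Constructed example of /etc/network/if-up.d/block_user.
# "username" is a placeholder; set it to the account to cut off.
BLOCKED_USER="${BLOCKED_USER:-username}"

# Append the owner-match DROP rule with the given tool (iptables or
# ip6tables) unless an identical rule is already in the OUTPUT chain.
ensure_drop_rule() {
    tool=$1
    user=$2
    # -C exits 0 when the exact rule exists, non-zero otherwise.
    if "$tool" -C OUTPUT -p all -m owner --uid-owner "$user" -j DROP 2>/dev/null; then
        return 0
    fi
    "$tool" -A OUTPUT -p all -m owner --uid-owner "$user" -j DROP
}

# Block IPv4 and IPv6 output for one account. Unknown names are refused
# early with a clear message. IPTABLES and IP6TABLES are hypothetical
# overrides for the tool names, used here only to make testing possible.
block_user() {
    user_name=$1
    if ! id -u "$user_name" >/dev/null 2>&1; then
        echo "block_user: no such user: $user_name" >&2
        return 1
    fi
    ensure_drop_rule "${IPTABLES:-iptables}" "$user_name" || return 1
    ensure_drop_rule "${IP6TABLES:-ip6tables}" "$user_name"
}

# ifupdown exports IFACE to if-up.d hooks and runs them once per interface,
# so the hook must be safe to run repeatedly. Without IFACE (for example
# when the file is sourced) nothing is changed.
if [ -n "${IFACE:-}" ]; then
    block_user "$BLOCKED_USER"
fi
```

After a reboot, sudo iptables -L OUTPUT and sudo ip6tables -L OUTPUT should each list the DROP rule exactly once.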
UPD: Since gksudo is no longer recommended and is about to be deprecated, editing can be done like so (better to open another terminal for this):
enter your password and then work as root. This command also moves to /root. Further:
root:~# cd /etc/network/if-up.d/
root:~# gedit block_user &
root:~# chmod +x block_user
root:~# gedit /etc/network/interfaces
root:~# exit
Note that if you close the terminal as root or do
gedit will close. Therefore, this can only be done after editing is completed.
Source: askubuntu.