From: "Howland, Curtis" <howlandc@kvh.co.jp>
To: "Steve Meyer" <steve11523@hotmail.com>,
<debian-security@lists.debian.org>
Subject: RE: restricting outbound access?
Date: Thu, 16 May 2002 11:59:05 +0900
MIME-Version: 1.0
Received: from [65.125.64.134] by hotmail.com (3.2) with ESMTP id
MHotMailBEAC6C63003A40043197417D40860C4B0; Wed, 15 May 2002 20:03:01 -0700
Received: (qmail 624 invoked by uid 38); 16 May 2002 03:01:57 -0000
Received: (qmail 589 invoked from network); 16 May 2002 03:01:57 -0000
Received: from gw-jp101e.kvh.co.jp (61.120.193.20) by murphy.debian.org
with SMTP; 16 May 2002 03:01:57 -0000
Received: (from smtp@localhost)by gw-jp101e.kvh.co.jp (8.8.7/8.8.7) id
MAA21397;Thu, 16 May 2002 12:01:28 +0900 (JST)
Received: from jpkvhms1(192.168.0.210) by gw-jp101e via smap (V2.0)id
xma021389; Thu, 16 May 02 12:01:23 +0900
Received: from jpkvhms2.tel.kvh.co.jp ([192.168.0.211]) by
jpkvhms1.tel.kvh.co.jp with Microsoft SMTPSVC(5.0.2195.4453); Thu, 16 May
2002 12:01:33 +0900
From bounce-debian-security Wed, 15 May 2002 20:03:50 -0700
X-Envelope-Sender: howlandc@kvh.co.jp
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Message-ID: <[🔎] FBBD2DD3FF1ECA42817E762126D2FB0E05CAE4@jpkvhms2.tel.kvh.co.jp>
Thread-Topic: restricting outbound access?
Thread-Index: AcH8hB0bx6zNtQf+T+OgiE0K7RywbQAAHQ9Q
X-OriginalArrivalTime: 16 May 2002 03:01:33.0254 (UTC)
FILETIME=[FC0B6660:01C1FC85]
Resent-Message-ID: <zvJnNB.A.nJ.lEy48@murphy>
Resent-From: debian-security@lists.debian.org
X-Mailing-List: <debian-security@lists.debian.org> archive/latest/7287
X-Loop: debian-security@lists.debian.org
List-Post: <mailto:debian-security@lists.debian.org>
List-Help: <mailto:debian-security-request@lists.debian.org?subject=help>
List-Subscribe:
<mailto:debian-security-request@lists.debian.org?subject=subscribe>
List-Unsubscribe:
<mailto:debian-security-request@lists.debian.org?subject=unsubscribe>
Precedence: list
Resent-Sender: debian-security-request@lists.debian.org
How about group access privileges on the offending executables?
Seems to me to be the natural method of restricting access to stuff.
Curt-
> I have a question. Is there any way to restrict outbound
> access for all but
> a few users? I know with iptables you can block outbound
> traffic completely
> but that wont work in my situation. There are about 150
> users of my server
> and only 3 of them need outbound access so I am kind of in a sticky
> situation. Any help would be greatly appreciated.
>
> Thanks in advance
>
> Steve Meyer
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org