Home / ubuntu / Questions / 26298
Accepted
John
Asked: 2011-02-15 03:32:09 +0800 CST

Restrictions on a user account

  • 772

Is there a way I can restrict the Internet connection and application use of another user account?

What I'd like to do is let that account connect for the use of Dropbox, but otherwise have no Internet access. Also, have a list of applications that the user can use, or better, a list that they cannot.

user-management

2 Answers

  1. Best Answer

    For the internet connection, you'd have to create a script which ran on login which defines ufw rules to govern the conneciton. You'd have to create one for yourself too in order to ensure that you don't inherit that profile when you login.

    Dropbox is tricky since it uses Amazon ECS servers. It's an extensive list of target addresses. Something like :

    ufw allow proto tcp from any to <target address 1> port 80
ufw allow proto tcp from any to <target address 2> port 80
...

    Then to switch back to "your" profile, something like :

    ufw reset
ufw enable

    The full list of IP addresses is included at the bottom.

    The allow/deny of programs can be achieved by configuring /etc/sudoers, but I'm not certain if you can restrict programs that don't require sudo. Well, you can, by changing the persmissions of /usr/bin for example, but it's not amazingly elegant. By which I mean, there's no nice GUI for doing so.

    I'll try to add more detail once I'm sitting at my Ubuntu machine.

    Dropbox IP addresses :

    75.126.110.0/24
173.193.134.0/24
173.194.37.0/24
174.36.51.0/24
174.36.30.0/24
174.129.195.0/24
174.129.196.0/24
174.129.27.0/24
184.72.255.0/24
184.73.211.0/24
208.43.202.0/24
208.43.219.0/24
208.43.223.0/24
204.236.220.0/24
    • 1

  2. Did you consider using some parental control solution? You may find what you need on this thread on ubuntuforums.

    • 1