How to disable interfaces for different users?

Issues related to configuring your network
Post Reply
jeppezon
Posts: 7
Joined: 2020/11/03 06:41:29

How to disable interfaces for different users?

Post by jeppezon » 2020/11/14 14:41:32

Hello!

I have currently four different network interfaces:

Code: Select all

enp1s0
l0
tun0
virbr0
I also have a user called vpn. I would like to give the vpn user to only have access to tun0 and lo and all the rest of the users on the system should have access to all the interfaces but tun0. So that all applications used by vpn goes though the vpn-connection.

Note that I want the changes to be permanent after rebooting.

aks
Posts: 3045
Joined: 2014/09/20 11:22:14

Re: How to disable interfaces for different users?

Post by aks » 2020/11/14 19:11:06

Why?

jeppezon
Posts: 7
Joined: 2020/11/03 06:41:29

Re: How to disable interfaces for different users?

Post by jeppezon » 2020/11/14 19:36:31

aks wrote:
2020/11/14 19:11:06
Why?

Well, I have some applications that require the vpn-connection. Also I have some applications that I do not want to run over the vpn-connection. So I though if I make a user that can only access the internet via the VPN, then this user can run those applications that require the vpn. Makes sense?

User avatar
jlehtone
Posts: 3172
Joined: 2007/12/11 08:17:33
Location: Finland

Re: How to disable interfaces for different users?

Post by jlehtone » 2020/11/14 19:44:11


aks
Posts: 3045
Joined: 2014/09/20 11:22:14

Re: How to disable interfaces for different users?

Post by aks » 2020/11/15 18:45:27

In NetworkManager you can "assign" permissions permissions= stanza in the (usually in system-connections), which sounds like what you are after (or perhaps not).

This feels like a network issue, it's often better to resolve network issues in the network. I'd go for routing myself, but this may not be possible, depending on the details of your scenario.

Next I'd be looking at the ideas highlighted in the "Linux Advanced Routing and Traffic Control" (albeit a bit out of date, but still functional none the less) doc.

jeppezon
Posts: 7
Joined: 2020/11/03 06:41:29

Re: How to disable interfaces for different users?

Post by jeppezon » 2020/11/16 05:30:47

aks wrote:
2020/11/15 18:45:27
In NetworkManager you can "assign" permissions permissions= stanza in the (usually in system-connections), which sounds like what you are after (or perhaps not).

This feels like a network issue, it's often better to resolve network issues in the network. I'd go for routing myself, but this may not be possible, depending on the details of your scenario.

Next I'd be looking at the ideas highlighted in the "Linux Advanced Routing and Traffic Control" (albeit a bit out of date, but still functional none the less) doc.
Is this what you are talking about for assigning permissions? Set up PolicyKit permissions

I found the following guide Force Torrent/user Traffic through VPN Split Tunnel on Ubuntu 16.04 where they accomplish basically the same thing I want to do with a user that only have access to internet with the VPN-user. So I am currently trying to translate the guide to CentOS 8.

Post Reply

Return to “CentOS 8 - Networking Support”