[Please make sure you reply to the list]

Sthu Deus wrote:
> You wrote:
>
>>> What's wrong w/ my set up (I want to allow output traffic for the
>>> users that are in the allowed group only):
>>>
>>> iptables -I OUTPUT 1 -m owner ! --gid-owner allowed -j DROP
>>>
>>> but what I get is that all the users including those in the allowed
>>> group are blocked.
>> --gid-owner does not match /any/ group the user sending the packet
>> belongs to; it matches the group id of the process sending the
>> packet. Unless you change it e.g. with newgrp, the current group id
>> is the user's default group id.
>
> I did not understand how to change it w/ "newgrp".
>
> Did you mean to include the users to a new group?

No. I mean to run the command in an environment where the command 'id' would report 'allowed' as the current gid, not only in the list of groups. For example:

$ newgrp allowed
$ <command>

or

$ sg allowed '<command>'
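
The distinction drawn in the reply above, between a process's current gid and its list of groups, can be checked from /proc/<pid>/status. The script below is an added example, not part of the original message; the function name, gid 1003 for "allowed" and both status samples are constructed assumptions.

```shell
#!/bin/sh
# Added example: classify how a group relates to a process, given the text of
# /proc/<pid>/status. The sample inputs below are constructed, not captured.

# gid_relation STATUS_TEXT GID
# Prints "current" if GID is the process's effective gid (the case the reply
# says --gid-owner matches), "supplementary" if GID appears only in the
# Groups: list, and "none" otherwise.
gid_relation() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "Gid:"    { egid = $3 }   # fields: real effective saved fs
        $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == want) suppl = 1 }
        END {
            if (egid == want) print "current"
            else if (suppl)   print "supplementary"
            else              print "none"
        }'
}

TAB=$(printf '\t')

# Constructed sample: default gid 1000, also a member of "allowed" (gid 1003).
STATUS_LOGIN="Name:${TAB}curl
Uid:${TAB}1000${TAB}1000${TAB}1000${TAB}1000
Gid:${TAB}1000${TAB}1000${TAB}1000${TAB}1000
Groups:${TAB}24 27 1000 1003"

# Constructed sample: the same user's command started via sg allowed '<command>'.
STATUS_SG="Name:${TAB}curl
Uid:${TAB}1000${TAB}1000${TAB}1000${TAB}1000
Gid:${TAB}1003${TAB}1003${TAB}1003${TAB}1003
Groups:${TAB}24 27 1000 1003"

echo "login shell vs gid 1003: $(gid_relation "$STATUS_LOGIN" 1003)"
echo "under sg    vs gid 1003: $(gid_relation "$STATUS_SG" 1003)"

# On a Linux host, the same check against this shell's own status file.
if [ -r "/proc/$$/status" ]; then
    echo "this shell vs $(id -g): $(gid_relation "$(cat "/proc/$$/status")" "$(id -g)")"
fi
```

A process reported as "supplementary" for the allowed group is the case the original rule drops, since "! --gid-owner allowed" is true for it.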