Restrict access to some websites for different users

On a Debian based system; as the superuser, I need to restrict access to some websites but specific to user. For instance, abc.com for user1, xyz.com for user2...

I tried /etc/hosts file. Adding a line like

127.0.0.1 abc.com

does what I want. But it applies to all users as there are only one hosts file. As far as I learn so far, it is not possible to configure hosts file for different users. Are there any other ways of doing this?


If users are locally logged in, you can use iptables:

iptables -A OUTPUT -o EXTERNAL_IF -m owner --uid-owner USERNAME -d DESTINATION_WEB -j REJECT

where:

  • EXTERNAL_IF is the name of the Internet-bound interface (e.g. eth0)
  • USERNAME is the login id of the restricted user
  • DESTINATION_WEB is the DNS name or IP address of the destination website. Beware of sites that host many websites (such as blogger) or those that have multiple public IPs (such as Google)