Lock down WWW Access

[Job Cacka]

In the past we have restricted WWW access for individual logins by allowing
or denying access to the proxy server for an individual login. This has
worked great for Windows boxes.

On a Redhat ES 4 server we have enabled X11 and we are using various thin
clients to connect to the server. We are using KDE to provide a desktop. We
have removed most of the menu options although if the user was sofisticated
enough they could add them back to the panel or create an icon to provide
them selves access to the WWW, Games, and various other distractions that we
would rather not leave open. Right now we are securing by obscurity, and we
would like to get away from this.

What I would like to do is:
 1. Remove all games from the Red Hat server or at least non-root access to
them.
 2. Have the option to allow or deny WWW access per login. Without
restricing local browser functionality.
 3. Allow or deny access to individual menu items per login.

So how do I do this? What is the most efficient method? I will need to be
able to do this for 100+ logins spread over 3 servers in the future.

This is in limited production now and is working well with less than a dozen
logins.


Job Cacka
Network Administrator