limiting outbound destination ports by uid/gid

I am trying to limit outbound destination port access by uid/gid in my firewall. This is for a cpanel server.

The way I initially thought of configuring this is like this:
The firewall blocks outbound destination ports 80, 443, and some other ports for all account users' UIDs and for user nobody (I use the allow file to allow access to certain IPs for things like RSS feeds).

This would mean I will have a long list of rules in my deny file (around 150 users), since I would need a rule for every user on the server.

Now I was thinking of creating a new group "webusers" and adding all cPanel account users to that group. This would enable me to block by gid instead of having rules for each uid.

Using 'addgroup' I can create a new group, then I would have to do the following for each user:

Code:
adduser username groupname

Questions:

1. Is there a better/faster way to add all users to the new group?

2. Is there a problem with having a group containing let's say 150 users?

3. Any other issues with this approach?

4. If you have any other recommendations, please let me know.
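
Added example, not part of the original post: a dry-run shell script that prints the group-membership commands and the single gid-based rule that would replace the per-uid rules described above. It assumes the firewall is plain iptables with the owner match, that account users have UIDs in 1000-59999, and it uses `usermod -aG` in place of the post's `adduser`; the passwd lines are constructed. `--suppl-groups` is included because `--gid-owner` alone does not check supplementary groups, and it needs an iptables and kernel that support that option.

```shell
#!/bin/sh
# Added example: prints commands only (dry run), nothing is changed on the system.
GROUP="webusers"     # group name from the post
PORTS="80,443"       # ports named in the post
UID_MIN=1000         # assumption: lowest account-user UID
UID_MAX=59999        # assumption: highest account-user UID (excludes "nobody")

# Read passwd-format lines on stdin and print the names of account users.
account_users() {
    awk -F: -v lo="$UID_MIN" -v hi="$UID_MAX" '$3 >= lo && $3 <= hi { print $1 }'
}

# One membership command per user; -a keeps the user's existing groups.
membership_cmds() {
    account_users | while read -r user; do
        printf 'usermod -aG %s %s\n' "$GROUP" "$user"
    done
}

# Single rule for the whole group. The users get the group as a supplementary
# group, so --suppl-groups is required for --gid-owner to match them.
gid_rule() {
    printf 'iptables -A OUTPUT -p tcp -m multiport --dports %s -m owner --gid-owner %s --suppl-groups -j REJECT\n' \
        "$PORTS" "$GROUP"
}

# Users outside the group (for example "nobody") keep a per-uid rule.
uid_rule() {
    printf 'iptables -A OUTPUT -p tcp -m multiport --dports %s -m owner --uid-owner %s -j REJECT\n' \
        "$PORTS" "$1"
}

# Constructed sample input in /etc/passwd format.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
EOF
}

sample_passwd | membership_cmds
gid_rule
uid_rule nobody
```

Rules that allow specific destination IPs have to be evaluated before these REJECT rules, and the printed commands should be reviewed before being run against the real /etc/passwd.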
