Quarantining an account from the Internet, or from all networking?

[Benjamin Scott]

On Tue, Aug 17, 2010 at 8:43 AM, Kevin D. Clark
<kevin_d_clark at comcast.net> wrote:
> Well, then, you might want to consider replacing every occurence of
> the DOCREADER binary on your system's disk with a script that
> basically does this:
>
>  #!/bin/sh
>  exec sudo -u UNTRUSTED DOCREADER-original "${@}"

  Just occurred to me: Couldn't you setgid the binary, and make the
binary owned by root, group "untrusted" or whatever, mode 755.  Right?

-- Ben