Am 14.09.20 um 18:20 schrieb Ricardo Barrera Vazquez:
> I want to know how I can disable the file sharing functionality. I guess this
> has to be done on server side since the client is free to do whatever he
> wants with the x2go client. I'm dealing with a specific use case in which the
> client should not be able to share files (in/out the server) for security
> reasons therefore the only required functionality is the remote desktop and
> that's it.
There's a short and simple answer: You cannot.
The longer version, resulting in the same outcome, is this:
You can hide the built-in functionality on X2Go, both server- and client
side, but remember that X2Go is using SSH underneath. And once a user
has SSH access with sufficient privileges to run X2Go, they can also
exchange files. Yes, even if you block sftp/scp AND portforwarding.
X2Go is NOT a security mechanism. So please do not attempt to use it as
such - you will fail, as smarter minds than you have failed before you
even thought about it. It. Cannot. Be. Done.
If you're thinking about abusing X2Go as a security mechanism, you
should take at least three steps back and look at your problem from a
distance. Most likely, there will be a better solution somewhere else,
by taking a different approach.
Example:
The last time we had someone asking for this was when they had a
LibreOffice spreadsheet that was supposed to do some calculations using
some hidden formulas; they wanted the user to be able to see the result
of the calculations, but not the formula (and obviously, they shouldn't
be able to copy the Calc sheet, either).
For that use case, it is actually way simpler to use LibreOffice's
built-in command line processing of files and a web service - query the
input data via web form, paste them into the LibreOffice Calc sheet on
the command line, and have LibreOffice open that file in headless mode
to convert it to a PDF. That's clean, completely hides the formulas and
the Calc sheet from the user, and doesn't require applying kludge over
kludge just to be outsmarted by a kid that copies a QR-Code based File
Encoder Macro into a LibreOffice Document or bash script.
> Note: I confirmed my mailing subscription, would be great if you can accept
> my question.
Since you posted after subscribing, your posts will go through
automatically. I'll remove the dupe from the moderation queue next time
I go over the queued messages.
-Stefan
--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user
