On Sat, 2010-10-02 at 01:52 -0700, Rob Lemley wrote:
> Hey folks,
>
> I've been toying around with x2go a bit, and I'm really liking it.
> From what I've seen, the overall architecture is cleaner than freenx
> and even neatx. Certainly none of that insanity of netcat's and
> fdcopy's.
>
> I was rather disturbed by the x2goserver package adding a line in my
> sudoers file to allow anyone in the x2gousers group to run
> x2gopgwrapper as root. I checked out that script and the three scripts
> it can potentially call, x2gopgwrapper_{local,net,sqlite}. Other than
> the _net script I see no reason why root access is required. All these
> scripts do is access a database and run queries. The _net script as
> written probably needs root access, but there's no reason why with
> some permission adjustments on the postgres database server that it
> can't run unprivileged as well.
>
> As I'm just using sqlite on a single system, I did a little experiment
> and made some changes to run that script as an unprivileged user.
>
> I created an unprivileged x2go user with no password: (The defaults
> with this particular invocation of useradd are adequate, but the
> account can be restricted some more)
> useradd -r x2go
>
> So the sudoers entry becomes:
> #### X2GO section
> %x2gousers ALL=(x2go) NOPASSWD: /usr/bin/x2gopgwrapper
>
> Then permissions on the sqlite database need changing so our x2go user
> can run its queries:
> cd /var/db
> sudo chown -R x2go.x2go x2go
>
> Finally, the scripts in /usr/bin need to be changed so that
> x2gopgwrapper runs as x2go:
> for i in x2go*; do sed -ibak -e 's/sudo x2gopgwrapper/sudo -u x2go x2gopgwrapper/' $i; done
>
> I made these changes on my system and have not had any issues
> connecting. I am only using the x2goserver package at the moment; it's
> just this one script that gets executed as root, I don't know about
> any of the other packages.
>
> There's also the matter of the x2gocleansessions cleanup script...
> There's a couple of sudo calls in there as well, I didn't change that
> just yet as I've just disabled it altogether to prevent the spam it
> sends to my syslog.
>
> I apologize if this topic has been brought up before or is discussed
> in the documentation someplace; I looked around and didn't see
> anything. I simply bring this up in the interest of system security.
> The fewer things that run as root the better.
>
> The changes I describe above are my quick hack-n-fix. If I get a
> chance in the next few days I can throw together a proper fix and
> submit a patch. (And please add my vote to the yes-please git
> repository crowd.)
>
>
> X2go seems to have a lot of possibilities and potential. Thanks to
> Heinz and Alex for their hard work.

<snip>

Hi, Rob. I'm on a getaway with the family and "sneaking" this in so I may be remembering the details incorrectly :)
You may want to trace all the other scripts which are invoked as part of the process, especially x2gomount_sessions and x2goumount_sessions. These may need root access - I'm not sure - John

_______________________________________________
X2go-dev mailing list
X2go-dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-dev
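
The tracing suggested in the reply above, sketched as an added example that is not part of either message or of the x2go project: a POSIX shell audit that lists every sudo call in a directory of x2go* scripts together with the user it targets, so calls that still run as root stand out after the `sudo -u x2go` rewrite. The sample scripts and their contents are constructed, and the parser assumes `-u USER` is the only sudo flag that takes an argument.

```shell
#!/bin/sh
# Added example: audit which user each sudo call in the x2go* scripts targets.

# Print "script:line:target-user:command" for every sudo call in DIR/x2go*.
audit_sudo_calls() {
    for f in "$1"/x2go*; do
        [ -f "$f" ] || continue
        case $f in *bak) continue ;; esac    # skip backups left by sed -ibak
        awk -v name="${f##*/}" '
            /^[[:space:]]*#/ { next }        # ignore comment lines
            {
                gsub(/[`"$();|&]/, " ")      # detach sudo from quoting and pipes
                for (i = 1; i <= NF; i++) {
                    if ($i != "sudo") continue
                    user = "root"; j = i + 1
                    # Walk sudo flags; only -u USER is interpreted (assumption:
                    # no other flag that takes an argument is in use).
                    while (j <= NF && $j ~ /^-/) {
                        if ($j == "-u") { user = $(j + 1); j++ }
                        j++
                    }
                    print name ":" NR ":" user ":" $j
                }
            }' "$f"
    done
}

# Only the calls that still run as root.
root_sudo_calls() {
    audit_sudo_calls "$1" | awk -F: '$3 == "root"'
}

# Constructed sample scripts (not the real x2go sources).
make_sample() {
    printf '%s\n' '#!/bin/sh' '# was: sudo x2gopgwrapper' \
        'sudo -u x2go x2gopgwrapper listsessions' > "$1/x2golistsessions"
    printf '%s\n' '#!/bin/sh' 'out=`sudo x2gopgwrapper listsessionsall`' \
        'sudo x2goumount_sessions "$sid"' > "$1/x2gocleansessions"
    cp "$1/x2gocleansessions" "$1/x2gocleansessionsbak"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
root_sudo_calls "$demo_dir"
rm -rf "$demo_dir"
```

Calls written with a full path such as /usr/bin/sudo are not matched by this sketch; each root entry it reports still has to be checked by hand to see whether the command needs the privilege.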