Hi Morty, On Mo 21 Mär 2011 08:52:04 CET Moritz Struebe wrote:
On 2011-03-20 16:01, Mike Gabriel wrote:The right way of doing this, would be to the learn about Linux system administration and use the sufficient tools already provided to you (e.g. ACLs). Everything else creates false feeling of security.What exactly are you aiming at?I am aiming at x2go-client/server being the wrong place to do rights management. IMO if someone tires to start an x2go session, who is not allowed to do so, should fail starting the server and get a notice of this. I don't see any reason for handshaking, unless this has something to do with x2go. And IMO rights management isn't. But that's my opinion.
I share your opinion. So there are two parts of such a feature... 1. control management through the available posix etc. mechanisms 2. a script x2gofeatures, that can tell the client what is allowed and what not: if the server can tell the client what's possible and what not the session start up will be much faster compared to stumbling over a couple of session errors during session handshakesWould apparmor be one way to go? Do you already have a clearer idea how you would tighten up a system?
Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpUEInTRHRyu.pgp
Description: Digitale PGP-Unterschrift
_______________________________________________ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev