On Mon, 2011-07-25 at 08:32 +0200, Mike Gabriel wrote: 
> Hi Reinhard,
> 
> On Mo 25 Jul 2011 00:10:03 CEST Reinhard Tartler wrote:
> 
> > previously, users could create sessions under wrong uids or delete
> > sessions from other users. This patch prevents this by
> > checking the userid of the caller with the session id.
> 
> +1 from me...
> 
> > [... patch ...]
> 
<snip>
We addressed this a little differently as it is one of the problems we
immediately recognized in X2Go two years ago and one of the major
modifications we made in our environment.

I'll have to dig out the specifics and your solution may be much better
anyway but to scale to a large installation with a single database
server and do it securely and without the users using the superuser
database account, we changed all the scripts to use schemas named after
the user's id.  Each user has a schema and within the schema there is a
trigger to update an instance of x2gosessions which is accessible by
postgres.  This table is used by a single x2gocleansessions routine
which cleans up after all users rather than having 1000 such sessions all
running every five seconds.

The end result is a single database and a single cleanup daemon for an
unlimited number of x2go servers and users with users having access to
only their schema and no user using the postgres account - John

_______________________________________________
X2go-Dev mailing list
X2go-Dev@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-dev
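
A sketch of the per-user schema layout John describes, added here as an illustration for PostgreSQL; it is not his site's actual scripts or X2Go's own code. Apart from `x2gosessions`, every name (the role `alice`, the column names, `mirror_session`) is a hypothetical assumption.

```sql
-- Added illustration; run as the postgres superuser.
-- Only the table name x2gosessions comes from the thread; all else is hypothetical.

-- Central table read by the single cleanup job. Ordinary users get no rights on it.
CREATE TABLE public.x2gosessions (
    session_id text PRIMARY KEY,
    owner_name name NOT NULL,
    hostname   text NOT NULL,
    created_at timestamptz NOT NULL DEFAULT now()
);
REVOKE ALL ON public.x2gosessions FROM PUBLIC;

-- Mirror function. SECURITY DEFINER makes it run with its owner's rights, so
-- users never need access to the central table. The owner is taken from the
-- schema the trigger fired in, never from data the user supplied.
CREATE FUNCTION public.mirror_session() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, pg_temp AS $$
BEGIN
    IF TG_OP = 'DELETE' THEN
        DELETE FROM public.x2gosessions
         WHERE session_id = OLD.session_id AND owner_name = TG_TABLE_SCHEMA;
        RETURN OLD;
    END IF;
    -- A session id already registered by another user fails on the primary key.
    INSERT INTO public.x2gosessions (session_id, owner_name, hostname)
    VALUES (NEW.session_id, TG_TABLE_SCHEMA, NEW.hostname);
    RETURN NEW;
END $$;

-- Per-user objects, repeated for each user. The schema and table stay owned by
-- postgres so the user cannot drop or disable the trigger.
CREATE ROLE alice LOGIN;
CREATE SCHEMA alice;
CREATE TABLE alice.sessions (
    session_id text PRIMARY KEY,
    hostname   text NOT NULL
);
GRANT USAGE ON SCHEMA alice TO alice;
GRANT SELECT, INSERT, DELETE ON alice.sessions TO alice;
CREATE TRIGGER mirror AFTER INSERT OR DELETE ON alice.sessions
    FOR EACH ROW EXECUTE PROCEDURE public.mirror_session();

-- The one cleanup routine reads a single table covering every user and server.
SELECT session_id, owner_name, hostname
  FROM public.x2gosessions
 ORDER BY hostname, owner_name;
```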
