[X2go-dev] sudo permissions?

Sat Oct 2 18:56:24 CEST 2010

On Sat, 2010-10-02 at 01:52 -0700, Rob Lemley wrote:
> Hey folks,
> 
> I've been toying around with x2go a bit, and I'm really liking it.
> From what I've seen, the overall architecture is cleaner than freenx
> and even neatx. Certainly none of that insanity of netcat's and
> fdcopy's.
> 
> I was a rather disturbed by the x2goserver package adding a line in my
> sudoers file to allow anyone in the x2gousers group to run
> x2gopgwrapper as root. I checked out that script and the three scripts
> it can potentially call, x2gopgwrapper_{local,net,sqlite}. Other than
> the _net script I see no reason why root access is required. All these
> scripts do is access a database and run queries. The _net script as
> written probably needs root access, but there's no reason why with
> some permission adjustments on the postgres database server that it
> can't run unprivileged as well.
> 
> As I'm just using sqlite on a single system, I did a little experiment
> and made some changes to run that script as an unprivileged user.
> 
> I created an unprivileged x2go user with no password:  (The defaults
> with this particular invocation of useradd are adequate, but the
> account can be restricted some more)
> useradd -r x2go
> 
> So the sudoers entry becomes:
> #### X2GO section
> %x2gousers ALL=(x2go) NOPASSWD: /usr/bin/x2gopgwrapper
> 
> Then permissions on the sqlite database need changing so our x2go user
> can run its queries:
> cd /var/db
> sudo chown -R x2go.x2go x2go
> 
> Finally, the scripts in /usr/bin need to be changed so that
> x2gopgwrapper runs at x2go:
> for i in x2go*; do sed -ibak -e 's/sudo x2gopgwrapper/sudo -u x2go
> x2gopgwrapper/' $i; done
> 
> I made these changes on my system and have not had any issues
> connecting. I am only using the x2goserver package at the moment; it's
> just this one script that gets executed as root, I don't know about
> any of the other packages.
> 
> There's also the matter of the x2gocleansessions cleanup script...
> There's a couple of sudo calls in there as well, I didn't change that
> just yet as I've just disabled it altogether to prevent the spam it
> sends to my syslog.
> 
> I apologize if this topic has been brought up before or is discussed
> in the documentation someplace; I looked around and didn't see
> anything. I simply bring this up in the interest of system security.
> The fewer things that run as root the better.
> 
> The changes I describe above are my quick hack-n-fix. If I get a
> chance in the next few days I can throw together a proper fix and
> submit a patch. (And please add my vote to the yes-please git
> repository crowd.)
> 
> 
> X2go seems to have a lot of possibilities and potential. Thanks to
> Heinz and Alex for their hard work.
<snip>
Hi, Rob.  I'm on a getaway with the family and "sneaking" this in so I
may be remembering the details incorrectly :)

You may want to trace all the other scripts which are invoked as part of
the process, especially x2gomount_sessions and x2goumount_sessions.
These may need root access - I'm not sure - John