[X2go-dev] x2go security Issues

[Moritz Struebe]

Hi Kevin,

sudoers is only needed for the sqlite-version. For that this it works
fine, needing some minor adjustments like ownership of the database,
etc. It's probably worth doing the postinst of x2goserver-one by hand
instead of installing it.
http://code.x2go.org/gitweb?p=x2goserver-one.git;a=blob;f=debian/postinst
I personally haven't looked at the postgres solution. As far as I
understood you currently need to import users first - but it's probably
worth looking at the code and providing a patch. :)

Cheers
Morty


On 2011-02-14 10:23, Kevin Moellering wrote:
> Furthermore I've got a rather special question. On a current
> test-system  we have replaced the x2gousers group by a custom group
> that each user that should be allowed to use x2go already is included
> in. We have decided to do so, because our we do not want to add
> additional groups.
> Since you are going to change this specific line in the sudoers file,
> I wonder if this is still possible.
> If you are just replacing the semantics of "everybody in x2gousers
> gets root for /usr/bin/x2gopgwrapper" by "everybody in x2gousers gets
> $someSpecialX2goUser for /usr/bin/x2gopgwrapper" (where
> $someSpecialX2goUser is a user that is just allowed to access the
> databases) the should be easily possible, shouldn't it? 


-- 
Dipl.-Ing. Moritz 'Morty' Struebe (Wissenschaftlicher Mitarbeiter)
Lehrstuhl für Informatik 4 (Verteilte Systeme und Betriebssysteme)
Friedrich-Alexander-Universität Erlangen-Nürnberg
Martensstr. 1
91058 Erlangen

Tel   : +49 9131 85-25419
Fax   : +49 9131 85-28732
eMail : struebe at informatik.uni-erlangen.de
WWW   : http://www4.informatik.uni-erlangen.de/~morty




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5867 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110214/d1972e1c/attachment.bin>