[X2go-Dev] [PATCH] Allow users to edit their *own* sessions only

Reinhard Tartler siretart at tauware.de
Mon Jul 25 13:37:46 CEST 2011


On Mon, Jul 25, 2011 at 12:32:44 (CEST), John A. Sullivan III wrote:

> On Mon, 2011-07-25 at 08:32 +0200, Mike Gabriel wrote: 
>> Hi Reinhard,
>> 
>> On Mo 25 Jul 2011 00:10:03 CEST Reinhard Tartler wrote:
>> 
>> > previously, users could create sessions under wrong uids or delete
>> > sessions from other users. This patch prevents this by
>> > checking the userid of the caller with the session id.
>> 
>> +1 from me...

The patch has whitespace/tab issues and is therefore not ready.

>> > [... patch ...]
>> 
> <snip>
> We addressed this a little differently as it is one of the problems we
> immediately recognized in X2Go two years ago and one of the major
> modifications we made in our environment.
>
> I'll have to dig out the specifics and your solution may be much better
> anyway but to scale to a large installation with a single database
> server and do it securely and without the users using the superuser
> database account, we changed all the scripts to use schemas named after
> the user's id.  Each user has a schema and within the schema there is a
> trigger to update an instance of x2gosessions which is accessible by
> postgres.  This table is used by a single x2gocleansessions routine
> which cleans up after all users rather than having 1000 such sessions all
> running every five seconds.

While implementing this change, it occurred to me as well that having an
extra field in the database schema would be beneficial to determine the
user. For now, I avoided a schema change, but if we have to touch the
schema, this would be an addition to consider.

> The end result is a single database and a single cleanup daemon for an
> unlimited number of x2go servers and users with users having access to
> only their schema and no user using the postgres account - John

To be honest, I'd like to remove the cleanup daemon completely and
integrate the cleanup into the listsessions command. The current
implementation of the cleanup daemon in perl that runs as root and
doesn't work properly anyway makes me feel quite uneasy.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
