[X2Go-User] x2go + chroot
bughunter at riseup.net
Thu Mar 15 22:38:46 CET 2012
> I try to hear what you aim at... My guess: one central installation of
> X2Go and a desktop shell (GNOME, KDE, ...) or single applications.
yes, that is right!
> Whereas the software rests in one single installations each user is
> presented with his/her own chroot.
Having to setup applications for each user would be pita I think...
> How about installing X2Go + applications on the server and then
> setting up a chroot with --bind mounts and tmpfs directories. Each
> chroot jail will have _one_ homedir and ,,linked-in''-FHS-compliant
well, how exactly the chroot should be setup so that everything works?
> Tricky approach this will be...
if there is no best-practice in doing this already: how are people
preventing users from walking up the directory tree?
One might argue that a chroot is not really needed (if you have no
problem with users reading your /etc - why not) or e.g. SELinux might
be the better way to setup tighter server-side security precautions -
I am open to any solution, but I will prefer the one that is already
in use somewhere and is best supported by x2go developers. I would not
like to live on an island with this - should be easily reproducable
and no super-specialized ultra-individual setup... ;)
Looks for me like best solution would be if x2go-server had a chroot
feature, like e.g. ftp daemons - all other solutions look like
maintenance hell. Any chance in getting this on the development road
map? If it is tricky (certainly it is!) - this is one more argument
for doing it the right way once and forever... one config variable
and everybody will go crazy :)))
Thanks for your attention,
More information about the x2go-user