page changed: x2gobroker:inifilebackend - x2go-commits

12 May 2013


      A page in your DokuWiki was added or changed. Here are the details:

Date        : 2013/05/12 22:47
Browser     : Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0
IP-Address  : 176.6.152.202
Hostname    : 176.6.152.202
Old Revision: http://wiki.x2go.org/doku.php/x2gobroker:inifilebackend?rev=1368397585
New Revision: http://wiki.x2go.org/doku.php/x2gobroker:inifilebackend
Edit Summary: 
User        : sunweaver

@@ -3,5 +3,7 @@
  The default version of the ''/etc/x2go/broker/x2gobroker-sessionprofiles.conf'' configuration file can be viewed [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=blob;f=etc/broker/x2gobroker-sessionprofiles.conf|here]].
+ 
+ ===== Basic Configuration File =====
  
  The file format is the INI file format. It falls in to a [DEFAULT] section and one or more session profile sections. A minimal setup could look like this.
  
  <file>
@@ -22,4 +24,66 @@
  height=768
  </file>
  
  Note that every X2Go Client parameter not given here gets
filled in from a [[http://code.x2go.org/gitweb?p=x2gobroker.git;a=blob;f=x2gobroker/defaults.py|hard-coded default configuration]].
+ 
+ ===== Filtering through Access Control List =====
+ 
+ If a user has been successfully authenticated against the X2Go Session Broker (or a user name has been given via the http request for cases where ''check-credentials'' in ''x2gobroker.conf'' is set to ''false'') you can use the user's UID, GID and the client address from that the user connects to filter out session profiles.
+ 
+ <file>
+ [DEFAULT]
+ command=XFCE
+ fullscreen=true
+ 
+ [staff-server]
+ host=x2go-staff.intern
+ acl-groups-allow=staff,admins
+ acl-groups-deny=ALL
+ acl-any-order=deny-allow
+ 
+ [student-server]
+ host=x2go-student-01.intern
+ acl-groups-allow=students,admins
+ acl-groups-deny=ALL
+ acl-any-order=deny-allow
+ 
+ [admin-server]
+ host=x2go-admin.intern
+ fullscreen=false
+ width=1280
+ height=768
+ acl-groups-allow=admins
+ acl-groups-deny=ALL
+
acl-any-order=deny-allow
+ </file>
+ 
+ ==== List of ACL rules ====
+ 
+ The ACL rules work very similar to Apache ACL rules (allow, deny statements in ''apache2.conf'').
+ 
+ To set the order (deny, allow vs. allow, deny), use this parameter
+ 
+   * ''acl-any-order = {deny-allow|allow-deny}'' (apply order to any ACL)
+   * ''acl-users-order = {deny-allow|allow-deny}'' (apply order to user ACLs only)
+   * ''acl-groups-order = {deny-allow|allow-deny}'' (apply order to group ACLs only)
+   * ''acl-clients-order = {deny-allow|allow-deny}'' (apply order to client ACLs only)
+ 
+ Furthermore, an aid for selecting the correct order (deny-allow vs. allow-deny): 
+ 
+ **User ACLs:**
+ 
+   * ''acl-users-allow = <user1>, <user2>, ..., <userN>''
+   * ''acl-users-deny = ALL''
+ 
+ **Group ACLs:**
+ 
+   * ''acl-groups-allow = <group1>, <group2>, ..., <groupN>''
+   * ''acl-groups-deny = ALL''
+ 
+ **Client ACLs:**
+ 
+   * ''acl-clients-allow = <subnet-or-ip>, <or-dns-hostname>
+   *
''acl-clients-deny = ALL''
+ 
+ 
+ 



-- 
This mail was generated by DokuWiki at
http://wiki.x2go.org/

    