Hello Mike, hello list,
Am 20.02.2011 10:48, schrieb Mike Gabriel:
So, @Heinz and/or Alex: Could you please give your opinion on this discussion rather sooner than later?
The x2go usergroup was used to restrict the access to "x2gopgwrapper". This main use case is no longer existant, because of the changes made to the postgres database handling.
If you want to deny users access to a server, it is a better idea to think about a more complete solution, as users outside this group still can have access via ssh (-X).
As the main purpose of this construction is no longer needed, we should not keep it alive. Allowing users to run applications as another user is always a great security issue.
As Alex and I have discussed this topic, we've come to the conclusion to drop the need of the group and sudo at all.
This leads to the following suggestions:
You should use pgsql backend in all cases except home, (very) small office network or VM pools where each user has his own VM.
So in future there will be:
- no need to have sudo entry.
- no need to have 'x2gousers' group
- no need to insert users in 'x2gousers' group
This will also solve a Bug on debian edu:
http://www.mail-archive.com/debian-edu@lists.debian.org/msg19665.html
Best Regards,
Alex & Heinz