On 11-02-18 22:24, John A. Sullivan III <jsullivan@opensourcedevel.com> wrote:
On Fri, 2011-02-18 at 21:02 +0100, Alexander Wuerstlein wrote:
On 11-02-18 20:34, Gerry Reno <greno@verizon.net> wrote:
On 02/18/2011 02:14 PM, Alexander Wuerstlein wrote:
On 11-02-18 19:59, Gerry Reno <greno@verizon.net> wrote:
On 02/18/2011 01:18 PM, Reinhard Tartler wrote:
On Fri, Feb 18, 2011 at 18:52:28 (CET), John A. Sullivan III wrote:
Hey - that wasn't me - that was Gerry :)
Oh, I'm sorry, that was an accident when deleting stuff...
Are you implying that every user on any x2go server would be able to launch a remote x2go desktop by default?
Yes.
That would be a security hole.
In what sense? That would only be a security hole if x2go were less secure than simple ssh logins. If that is the case, those security problems should of course be fixed. But I don't see the risk in allowing x2go usage to users who can use ssh anyways.
I'm thinking we should err on the side of security and make it secure by default with the option to loosen. That said, is there a way to achieve all goals? We do need to stop the sudo log spam. We do need to prevent misfired installations that required great expertise to sort out. What if, instead of using sudo, we did lock down the x2go scripts by default with restricted ownership as suggested to those who responded to this thread concerned about security? That leaves us with maintaining local groups but that is not the end of the world. It eliminates the sudo problem and makes us secure by default rather than exception.
Sounds like a good idea.
Ciao,
Alexander Wuerstlein.