Re: [X2Go-Dev] Published Applications

Am 20.04.2012 13:57, schrieb Vasilica Petcu:

Ok... So I see that my questions turned on the heating :)

Popcorn anyone? ;-) Or ice-cream? ;-)

1. It is possible to restrict users/groups access to "published applications" with Extended Attributes...

But I still have a question about that... In a clustered environment, the Extended Attributes on all machine suppose to be the same... right ?

I don't have experience with clusters, but I'd say, if EAs (or more generally speaking, file ownership/permissions) don't match across individual cluster members, your cluster is somehow out of sync, which sounds bad.

2. User access to only "published applications" can be achieved only if it doesn't exist a Desktop Environment...

To sum it up, you can:

• opt to not install a DE at all
• limit access to it via file system attributes (make e.g. startkde executable only for owner and a specific group, and only add users that are supposed to run startkde to this group)
• limit access to it via apparmor/SELinux etc., as suggested by Mike.

-Stefan