Hi Alexander,
On Fr 18 Feb 2011 20:14:19 CET Alexander Wuerstlein wrote:
Yes, but in large setups, groups become very hard to manage. Large groups with thousands of users tend to be an administration burden, also a large number of additional groups for each user tends to be problematic with many operating systems or setups (NIS, SQL, older unices, etc).
???? How do you get to this conclusion. My experience is totally on
the opposite side... Groups help to organize functionality of a system
in a sensible way. I always bind functionality to a group and then add
users to these groups. Such a pity, that posix does not offer a role
model, as well. This would make user und functionality management more
elegant even. This paragraph above makes me a little confused...
Yes, it does on small scales. And our approach wouldn't make the 'x2gousers' group go away if you still want to use it: You can simply make the x2gowrapper executable only for that group and not for others. Then you have exactly the same functionality as with 'sudo', but without the hassle of setting up the sudo configuration (wich does never seem to work automatically on installation). That would also be the suggested migration path i guess. Additionally you can of course use database black/whitelists, or you can set x2gowrapper o+rx and only use database black/whitelists. In that sense our approach would also be far more flexible than the current sudo approach.
You are not really suggesting that an X2go site administrator should
customize/tweak permissions on X2go /usr/bin files. This is really
dirty stuff and not an option to me...
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...