On Sat, 2010-10-02 at 01:52 -0700, Rob Lemley wrote:
Hey folks,
I've been toying around with x2go a bit, and I'm really liking it. From what I've seen, the overall architecture is cleaner than freenx and even neatx. Certainly none of that insanity of netcat's and fdcopy's.
I was rather disturbed by the x2goserver package adding a line in my sudoers file to allow anyone in the x2gousers group to run x2gopgwrapper as root. I checked out that script and the three scripts it can potentially call, x2gopgwrapper_{local,net,sqlite}. Other than the _net script I see no reason why root access is required. All these scripts do is access a database and run queries. The _net script as written probably needs root access, but there's no reason why with some permission adjustments on the postgres database server that it can't run unprivileged as well.
As I'm just using sqlite on a single system, I did a little experiment and made some changes to run that script as an unprivileged user.
I created an unprivileged x2go user with no password: (The defaults with this particular invocation of useradd are adequate, but the account can be restricted some more)

    useradd -r x2go
So the sudoers entry becomes:

    #### X2GO section
    %x2gousers ALL=(x2go) NOPASSWD: /usr/bin/x2gopgwrapper
Then permissions on the sqlite database need changing so our x2go user can run its queries:

    cd /var/db
    sudo chown -R x2go.x2go x2go
Finally, the scripts in /usr/bin need to be changed so that x2gopgwrapper runs as x2go:

    for i in x2go*; do sed -ibak -e 's/sudo x2gopgwrapper/sudo -u x2go x2gopgwrapper/' "$i"; done
I made these changes on my system and have not had any issues connecting. I am only using the x2goserver package at the moment; it's just this one script that gets executed as root, I don't know about any of the other packages.
There's also the matter of the x2gocleansessions cleanup script... There's a couple of sudo calls in there as well, I didn't change that just yet as I've just disabled it altogether to prevent the spam it sends to my syslog.
I apologize if this topic has been brought up before or is discussed in the documentation someplace; I looked around and didn't see anything. I simply bring this up in the interest of system security. The fewer things that run as root the better.
The changes I describe above are my quick hack-n-fix. If I get a chance in the next few days I can throw together a proper fix and submit a patch. (And please add my vote to the yes-please git repository crowd.)
X2go seems to have a lot of possibilities and potential. Thanks to Heinz and Alex for their hard work.

<snip>

Hi, Rob. I'm on a getaway with the family and "sneaking" this in so I may be remembering the details incorrectly :)
You may want to trace all the other scripts which are invoked as part of the process, especially x2gomount_sessions and x2goumount_sessions. These may need root access - I'm not sure

- John
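
Added example (not part of either message, and not x2go project code): one way to trace the sudo calls discussed in this thread is to list every sudo invocation in the x2go* scripts together with the user it runs as, so that calls still running as root stand out after the sed change. The function names, the sample file names and the sample script contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report every sudo call in x2go* scripts and the user it runs as.
# Output format: file:line:runas:command  (runas is "root" when -u is absent).
# Limitation: only -u is parsed; other sudo options are assumed to take no argument.

audit_sudo_calls() {
    dir=$1
    for f in "$dir"/x2go*; do
        [ -f "$f" ] || continue
        case $f in *bak) continue ;; esac      # skip backups left by sed -ibak
        awk -v file="${f##*/}" '
            /^[ \t]*#/ { next }                # skip comment lines
            {
                for (i = 1; i <= NF; i++) {
                    # match sudo, $(sudo and /usr/bin/sudo, but not visudo
                    if ($i != "sudo" && $i !~ "[^A-Za-z0-9_]sudo$") continue
                    runas = "root"; j = i + 1
                    while (j <= NF && $j ~ /^-/) {
                        if ($j == "-u") { runas = $(j + 1); j += 2 }
                        else if ($j ~ /^-u./) { runas = substr($j, 3); j++ }
                        else j++
                    }
                    cmd = (j <= NF) ? $j : "?"
                    sub("[^A-Za-z0-9_./-]+$", "", cmd)   # trim trailing punctuation
                    print file ":" NR ":" runas ":" cmd
                    i = j
                }
            }' "$f"
    done
}

# Only the calls that still run as root.
root_sudo_calls() { audit_sudo_calls "$1" | awk -F: '$3 == "root"'; }

# Constructed sample scripts (not the real x2go sources).
make_sample() {
    printf '%s\n' '#!/bin/sh' '# sudo x2gopgwrapper (comment)' \
        'OUT=$(sudo -u x2go x2gopgwrapper arg)' > "$1/x2gosample1"
    printf '%s\n' '#!/bin/sh' 'sudo x2gopgwrapper arg' > "$1/x2gosample2"
    cp "$1/x2gosample2" "$1/x2gosample2bak"
}

d=$(mktemp -d) && make_sample "$d" && audit_sudo_calls "$d"; rm -rf "$d"
```

Pointing root_sudo_calls at the directory holding the real scripts lists the calls that would still need a sudoers rule for root; a line that merely mentions sudo inside a string is reported too and has to be checked by eye.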