On 2012-04-20 10:52, Denis Cardon wrote:
One thing I am missing from nx is in fact the nxacl file. It allowed me to set up access rights depending on the source IP, the login of users, and the time of day. For example, I have one group of users that can log in from the internal network only, while another group of road warriors can log in from both local and remote locations. It is very cumbersome to do at the ssh level, and the nxacl file was very handy for this. Perhaps there is a way to reproduce this behavior in x2go, and sorry if I missed it.
From the file ACL point of view, I think the apparmor/selinux/nameyourown framework way is much cleaner. I don't much like the idea of changing ACLs on programs because of maintainability, for example on software upgrades and all (and IMHO security needs maintainability), and I think a broader framework is more suitable (no opinion on which one).
Again, due to the way x2go works it is not possible to enforce this. x2go is just a very efficient way of "ssh -X". If it wasn't for maintainability, we could even get rid of the sqlite database and start the x2go manually.
Morty
--
Dipl.-Ing. Moritz 'Morty' Struebe (Wissenschaftlicher Mitarbeiter)
Lehrstuhl für Informatik 4 (Verteilte Systeme und Betriebssysteme)
Friedrich-Alexander-Universität Erlangen-Nürnberg
Martensstr. 1
91058 Erlangen
Tel : +49 9131 85-25419
Fax : +49 9131 85-28732
eMail : struebe@informatik.uni-erlangen.de
WWW : http://www4.informatik.uni-erlangen.de/~morty