Hi John, hi list,
Am Freitag, 18. Februar 2011, 22:24:00 schrieb John A. Sullivan III:
I'm thinking we should err on the side of security and make it secure by default with the option to loosen. That said, is there a way to achieve all goals? We do need to stop the sudo log spam. We do need to prevent misfired installations that required great expertise to sort out. What if, instead of using sudo, we did lock down the x2go scripts by default with restricted ownership as suggested to those who responded to this thread concerned about security. That leaves us with maintaining local groups but that is not the end of the world. It eliminates the sudo problem and makes us secure by default rather than exception.
Thanks for the time you all put into this!!! I agree with John and also think that the upstream development should be as generic as possible and tweaking code such as the proposed change should be either done in the distribution package or possibly even better by the site administrator.
However, if people have patches that are generic and dedicated to upstream X2go and also ease a usage scenario like the one requested by Uni Erlangen, I guess there is a good chance of code inclusion into upstream.
Greets, Mike
Thanks, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0x1943CA5B mail: m.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...