Hi,
On Thu, Mar 31, 2011 at 08:55:40PM -0400, John A. Sullivan III wrote:
> On Fri, 2011-04-01 at 02:44 +0200, Dick Kniep wrote:
> > I do not want to secure the entire server. I only want a door that can be locked. So I allow a user to use the terminal. Okay he is allowed to use the terminal and so he can do anything he likes. No problem. [...] This can be enforced by my simple solution. From the client a command is sent, say "Start terminal". Then in the wrapper, the user is matched with the command and if the match exists, the command is allowed and is executed. If not, the request is rejected.
X2Go uses SSH for remote connections, as a result SSH needs to be restricted [on a per user basis] to allow [some subcommands of] X2Go only. In this case X2Go must not allow opening a shell.
> > Maybe this can be achieved also by apparmor, but it looks to me that apparmor is intended to secure the entire system which is really not what I want. (Or maybe I am mistaken because of lack of knowledge of apparmor)
I don't see how apparmor can be used to do this, but then I have not yet tried it. AFAIUI apparmor is used to confine a single application. Confining sshd this way for every user would remove the usual remote administration access.
> Again I confess that I've not taken a lot of time to digest this issue but, I wonder if the back and forth is caused because for some users, this would be a highly desirable feature whereas, for others, it not only makes no sense but would be a significant obstacle. Can it be built as a configurable option that can be enabled with a setting in x2go.conf (or whatever file we are using for configuration)? - John
The application confined by apparmor must not be allowed to have any influence on apparmor, because apparmor shall confine cracked applications. So X2Go must not be allowed any say in the applicability of an apparmor profile.
On Thu, Mar 31, 2011 at 09:57:18PM -0400, Gerry Reno wrote:
> It looks like you want an "authorization" solution. And that is what functionality like "sudo" is meant for. You make your users members of a certain group and then give that group rights to only specific executables. If they try to execute anything else, the command will fail.
AFAIUI Dick does not want to elevate access rights, which can be done using sudo, but further restrict the SSH (secure shell) access. The latter can be done by allowing just one (or a few) command(s) via the authorized_keys file of SSH. If some wrapper script shall be used, care must be taken to introduce no new holes.
It could be worth investigating giving the x2go users a restricted shell (e.g. rbash).
Dipl.-Inform. Erik Auerswald http://www.fg-networking.de/ auerswald@fg-networking.de Tel: +49-631-4149988-0 Fax: +49-631-4149988-9
Gesellschaft für Fundamental Generic Networking mbH Geschäftsführung: Volker Bauer, Jörg Mayer Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630
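
One way to build the wrapper discussed in this thread as an `authorized_keys` forced command, shown here as an added example that is not code from the thread or from X2Go. The gate path, user labels, request names and program paths are all assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: forced-command gate for one authorized_keys entry.
# Hypothetical install path and key line (key material is a placeholder):
#   command="/usr/local/bin/ssh-gate alice" ssh-ed25519 <PUBLIC-KEY> alice@client
# sshd runs the gate instead of whatever the client asked for and passes
# the client's request in SSH_ORIGINAL_COMMAND.

# Constructed allow-list: "user|request|absolute program path", one per line.
# All three columns are illustrative; none are real X2Go command names.
ALLOW_LIST='alice|start-terminal|/usr/local/libexec/gate/start-terminal
alice|list-sessions|/usr/local/libexec/gate/list-sessions
bob|list-sessions|/usr/local/libexec/gate/list-sessions'

# resolve_request USER REQUEST
# Prints the program for an exact (user, request) match and returns 0;
# prints nothing and returns 1 otherwise. The request is only ever compared
# as a string, never evaluated, word-split or handed to a shell.
resolve_request() {
    user=$1 request=$2
    # Empty request means an interactive login attempt: reject.
    [ -n "$request" ] || return 1
    # Anything outside [a-z0-9-] is refused, which rules out spaces,
    # shell metacharacters, path separators and newlines.
    case $request in
        *[!a-z0-9-]*) return 1 ;;
    esac
    while IFS='|' read -r u r prog; do
        if [ "$u" = "$user" ] && [ "$r" = "$request" ]; then
            printf '%s\n' "$prog"
            return 0
        fi
    done <<EOF
$ALLOW_LIST
EOF
    return 1
}

# Entry point: runs only when called with the user label from authorized_keys.
if [ "$#" -eq 1 ]; then
    if prog=$(resolve_request "$1" "${SSH_ORIGINAL_COMMAND:-}"); then
        exec "$prog"    # fixed path, no client-supplied arguments
    fi
    echo "request rejected" >&2
    exit 1
fi
```

The allow-listed programs must themselves offer no way to reach a shell, otherwise the gate only moves the hole one step further.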