Am 20.04.2012 11:12, schrieb Moritz Struebe:
On 2012-04-20 10:52, Denis Cardon wrote:
one thing I am missing from nx is in fact the nxacl file. It allowed me to setup access rights depending no the source ip and login of users and time of the day. For example I have one group of user that can login from the internal network only, while another group of road warriors that can log both from local or remote location. It is very cumbersome to do at the ssh level, and the nxacl file was very handy to do this. Perhaps there is a way to reproduce this behavior in x2go, and sorry if I missed it.
On the file ACL point of view, I thing the apparmor/selinux/nameyourown framework way to be much more clean. I don't like much the idea to change ACL on programs because of maintainability, for example on software upgrade and all (and IMHO security needs maintainability), and I think a broader framework to be more suitable (no opinion on which one).
Again, due to the way x2go works it is not possible to enforce this. x2go is just a very efficient way of "ssh -X". If it wasn't for maintainability, we could even get rid of the sqlite database and start the x2go manually.
Morty
+1 The main idea of X2Go is to use existing UNIX tools for data transport, authentication, access control, etc. This is why we decided to develop X2Go and not to improve, for example, freenx.
Any Idea to provide something like nxacl will be refused.
Regards, Alex
Oleksandr Shneyder Dipl. Informatik X2go Core Developer Team
email: oleksandr.shneyder@obviously-nice.de web: www.obviously-nice.de
--> X2go - everywhere@home