Hi Oleksandr,
Thank you very much for your email. I see the confusion. Yes, my site has a centralized user management in the sense that all users are in /etc/passwd but distributed via some configuration mechanism. This means that we do not use LDAP, and the user database is imported from somewhere else. I hesitate to use postgres because I feel it is quite complex to setup. Also, we use dedicated VMs for each user, so there is no need server pooling or the like.
I understand from your email that the sqlite database is used to figure out what are the free X11 display ports. Is this correct? Would probing for a free port work as well? If yes, then let's have every user have its own sqlite.
Please let me know what you think. Reinhard
On Sat, Dec 14, 2013 at 6:26 PM, Oleksandr Shneyder <o.shneyder@phoca-gmbh.de> wrote:
Hello Reinhard,
in central DB different sessions information is stored. For example, used display numbers and ports. x2gostartagent look in the DB when assigning display and ports for new sessions. Historical x2ho has only postgresql support. In postgres version users have access only to his own entries in sessions table. sqlite support was developed for small one-server installation wheres installing of postgresql is oversized. To avoid users modify session data only user "x2gouser" has direct access to DB. For complex setups with central user administrations you should use postgresql instead of sqlite.
regards Alex
Am 14.12.2013 23:26, schrieb Reinhard Tartler:
Hi,
can someone please remind me again why we need a sqlite database that is shared for all users? It allows users to see what other users are currently having running sessions, which I frankly don't consider very important. It could even be considered a privacy issue.
If there isn't a good reason for a shared database, why don't we have x2go users have their own sqlite database in their home directory? This would allow to get rid of the x2go user and all suid/sgid complexity that comes with it.
Background, I'm trying to have my new employer deploy x2go, and I'm currently having trouble to explain this point. I understand that the current printing implementation requires the x2goprint user, but that's not an issue right now.
Thanks, and greetings from NYC!
--
Oleksandr Shneyder | Email: o.shneyder@phoca-gmbh.de phoca GmbH | Tel. : 0911 - 14870374 0 Bräuhausgasse 9 | Fax. : 0911 - 14870374 9 D-82205 Gilching | Mobil: 0163 - 49 64 461
Geschäftsführung: Dipl.-Inf. Oleksandr Shneyder
Amtsgericht München | http://www.phoca-gmbh.de HRB 196 658 | http://www.x2go.org USt-IdNr.: DE281977973
X2Go-Dev mailing list X2Go-Dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
-- regards, Reinhard