On Mon, May 4, 2020 at 1:15 PM Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
You need to realize the truth: What a user can see (as in "access"), they can copy.
Well, I basically agree with what you wrote. But the OP was mentioning he just wants to provide _one_ single published application.
Now let us assume some pre-conditions:
- the application is unable to display the data you want to protect. If not, all the ways you mocked up above could be used and the approach will not work
- the application cannot start other apps like an xterm or a shell on user request
- there's only ssh access
- the x2go scripts are sane and secure
Then all we'd need was
- a restricted ssh-key that only allows for the commands that are required for the x2go session handling
- ensuring the x2go session handling will only start that single application and no other user specified command.
The user then can still configure arbitrary sessions but they will either always fail or ignore the user's command and run the one application in question. We could also provide a server side setting that only allows published application connects.
It will not work out of the box but I am pretty sure it could be implemented.
Also, IIRC Mihai added an explicit bash call into certain commands to make it work fur users with a different login shell. And obviously the original rbash instructions worked before. So you could also try to set that up and do some research where to remove the explicit bash calls.
Comments?
Uli