Hm... for some reason I did not receive replies to gmail, saw the response on mail-archive :(
If you just want to hide entries in Published Application mode, you can replace the symlink /etc/x2go/applications with a real directory and copy the *.desktop files you want into that. Note that users will still be able to run other applications by specifying them by name, either in an xterm or in Single Application mode.
To actually block users from running certain applications, please use standard Linux/Unix mechanisms; in other words, chmod and chown are your friends. For example, if you want people to be unable to run xterm unless they are members of a particular group "newgroup", "chown root:newgroup /usr/bin/xterm && chmod 750 /usr/bin/xterm", then add the users you want to the group "newgroup": "adduser someuserhere newgroup"
Adding blocking functionality to X2Go wouldn't make any sense, because if you have users that can log in to your server via X2Go, they can just as well log in via regular SSH, where an X2Go-only block wouldn't be in effect, and wreak havoc from there (even for GUI applications, as the users could just redirect their DISPLAY variable to point at their own X2Go session running in parallel).
Thanks for reply. The main intention is to not actually forbid something, but rather to minimize possible user mistakes. There is a long list of options in session setup - KDE, GNOME, ... - which we don't plan to install on the server. But user can choose them and then get an error. I just want all users to start the custom session script, which will setup keyboard (unfortunaly x2go cannot do that from server side :() and run correct session. Do I understand correctly, that current X2Go client cannot do that?
2018-03-30 16:40 GMT+03:00 Михайло Падалка <misha.cn.ua@gmail.com>:
Hello!
Is there any possibility to limit what session users can start?
Thanks!
-- З повагою, Михайло
-- З повагою, Михайло