Hello Mike,
I try to hear what you aim at... My guess: one central installation of X2Go and a desktop shell (GNOME, KDE, ...) or single applications.
yes, that is right!
Whereas the software rests in one single installation, each user is
presented with his/her own chroot.
Having to set up applications for each user would be a PITA, I think...
How about installing X2Go + applications on the server and then
setting up a chroot with --bind mounts and tmpfs directories. Each
chroot jail will have _one_ homedir and "linked-in" FHS-compliant
directories.
Well, how exactly should the chroot be set up so that everything works?
Tricky approach this will be...
If there is no best practice for doing this already: how are people preventing users from walking up the directory tree?
One might argue that a chroot is not really needed (if you have no problem with users reading your /etc - why not) or e.g. SELinux might be the better way to set up tighter server-side security precautions - I am open to any solution, but I will prefer the one that is already in use somewhere and is best supported by X2Go developers. I would not like to live on an island with this - it should be easily reproducible and not a super-specialized, ultra-individual setup... ;)
It looks to me like the best solution would be if x2go-server had a chroot feature, like e.g. FTP daemons - all other solutions look like maintenance hell. Any chance of getting this on the development road map? If it is tricky (certainly it is!) - this is one more argument for doing it the right way once and forever... one config variable
chroot-users=yes
and everybody will go crazy :)))
Thanks for your attention, Bughunter