Hi Mike
Thanks a lot for the cron job. But, for me, it doesn't work.
My group is "x2go-users". It is not a local group but a winbind group.
The users who are in this group don't all have their /home
created on the server.
I don't know all the passwords and I won't.
The winbind configuration (it's not my project) doesn't allow
group expansion, for better responses, so a "getent group" lists the
group but not the users. So x2godbadmin --addgroup does nothing.
For the first connection, pam_mkhomedir.so does the job and creates the
/home. But then how to launch x2godbadmin, because it must necessarily
be launched as the root user?
Modifying the access rights on the pgadmin file solves the problem, but
can compromise the entire database.
I thought about pam_group.so. So I created a local group
with-x2go-access ;-) and fill it dynamically at the user's logon. The
user is in the group, but the problem is that the content of this group
is only available to the user. A secondary console (as root) doesn't
list the user in with-x2go-access. The situation is similar:
x2godbadmin can't be launched. So a cron job launched every minute does
nothing.
Hmm ... I didn't see how to solve this.
Perhaps a PostgreSQL config for using PAM authentication? First
question: has someone done that? Second question: is the database built
for doing something like that?
Regards
Franck
On 07/06/2015, "Mike Gabriel (via Internet)"
<mike.gabriel@das-netzwerkteam.de> wrote:
Hi Franck,

On Do 04 Jun 2015 13:31:52 CEST, BOTZ Franck (Administrateur
Systèmes et Réseaux) - DDT 67/SIDSIC/Pôle Infra wrote:

My x2gobroker installation works very well (nightly build).

Good!

I have a question about x2godbadmin and the --addgroup option.
I supposed that running the command x2godbadmin --addgroup
x2gouser adds the group to the PostgreSQL database and that then all
members of x2gouser can access x2goserver.

Don't add users to group "x2gouser". The group is a system
group and only the user "x2gouser" may be a member of this group.
If other users get added to this group your X2Go installation can
be potentially compromised by those users (esp. if you are using
the SQLite backend).

But after that, it appears that a new user added to the group can't
open an x2gosession. x2goserver says: "Can't read password file
/home/xxxx/.x2go/sqlpass".

So, what does this command really do?
- read the content of /etc/group/
- find the x2gouser line
- read the users that are members
- add the users one by one to the database and write a
~/.x2go/sqlpass for each one?

This question has been brought up several times already.

What I do:
o create a group "with-x2go-access" (or use an already existing
group that can hold all potential X2Go Users)
o run a nightly cron job as root (x2godbadmin --addgroup with-x2go-access)

Not very elegant but working. I agree with you that the DB handling
in X2Go needs some love.

Greets,
Mike
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...