Hi,
I need instructions for how to setup a chroot environment on the server - I found this old discussion:
http://www.mail-archive.com/x2go-dev@lists.berlios.de/msg01268.html
but there is no solution, unfortunately.
Also, I found
http://www.x2go.org/doku.php/wiki:components:tce
but this seems to be a tool for setting up chroot on the CLIENT side? Seems to be a different use case.
What I want:
I would like to chroot users that logged into the server via x2go client to see only files in their home directory (or inside their "jail") - what is the recommended + most efficient way of doing this with the least administrative overhead? - mind the updates! - so recompiling jail binaries after every update of relevant software should happen automatically, most preferable solution would be:
apt-get install x2go-server-chroot x2go-create-chroot /home/user
without any needed (or minimal) additional interaction after future updates so that your jail is always uptodate after an apt-get update.
does this exist?
if not, how to create it?
THANK you very much for your attention, Bughunter
BTW search for x2go +chroot with Google to see how small the internet can be ;)
On Thu, 2012-03-15 at 12:58 +0100, BUGHUNTER wrote:
Hi,
I need instructions for how to setup a chroot environment on the server - I found this old discussion:
http://www.mail-archive.com/x2go-dev@lists.berlios.de/msg01268.html
but there is no solution, unfortunately.
Also, I found
http://www.x2go.org/doku.php/wiki:components:tce
but this seems to be a tool for setting up chroot on the CLIENT side? Seems to be a different use case.
What I want:
I would like to chroot users that logged into the server via x2go client to see only files in their home directory (or inside their "jail") - what is the recommended + most efficient way of doing this with the least administrative overhead? - mind the updates! - so recompiling jail binaries after every update of relevant software should happen automatically, most preferable solution would be:
apt-get install x2go-server-chroot x2go-create-chroot /home/user
without any needed (or minimal) additional interaction after future updates so that your jail is always uptodate after an apt-get update.
does this exist?
if not, how to create it?
THANK you very much for your attention, Bughunter
BTW search for x2go +chroot with Google to see how small the internet can be ;) <snip>
I don't know if it is of any help but we run X2Go Server in a VServer which is, more or less, a chroot on steroids. We did find we needed to do some intense surgery on the X2Go Server side scripts and we had to add certain capabilities to the vservers - particularly mount capabilities. We were never able to enable local share unmounting (fusermount requires capabilities which are not available in our kernel
- I believe they may be in newer kernels) which is one reason why we moved session clean up to the VServer host (besides the fact that I can run one cleanup daemon for hundreds of x2goserver instances instead of one process each (and it fires every five seconds).
Hi,
I don't know if it is of any help but we run X2Go Server in a VServer which is, more or less, a chroot on steroids. We did find we needed to do some intense surgery on the X2Go Server side scripts and we had to add certain capabilities to the vservers - particularly mount capabilities.
can I find some more docs on this anywhere? Code? Howtos?
how do you handle updates of xX2Go Server?
Would be very interested in reading more about your solution!
Thanks for your attention, Bughunter
On Fri, 2012-03-16 at 19:59 +0100, BUGHUNTER wrote:
Hi,
I don't know if it is of any help but we run X2Go Server in a VServer which is, more or less, a chroot on steroids. We did find we needed to do some intense surgery on the X2Go Server side scripts and we had to add certain capabilities to the vservers - particularly mount capabilities.
can I find some more docs on this anywhere? Code? Howtos?
how do you handle updates of xX2Go Server?
Would be very interested in reading more about your solution!
Thanks for your attention, Bughunter <snip> I won't be able to get to this today but will try to do so early next week. We are still running on 3.0.1-5 so our notes will need to be heavily adapted for the latest x2goserver - John
On Sat, 2012-03-17 at 05:14 -0400, John A. Sullivan III wrote:
On Fri, 2012-03-16 at 19:59 +0100, BUGHUNTER wrote:
Hi,
I don't know if it is of any help but we run X2Go Server in a VServer which is, more or less, a chroot on steroids. We did find we needed to do some intense surgery on the X2Go Server side scripts and we had to add certain capabilities to the vservers - particularly mount capabilities.
can I find some more docs on this anywhere? Code? Howtos?
how do you handle updates of xX2Go Server?
Would be very interested in reading more about your solution!
Thanks for your attention, Bughunter <snip> I won't be able to get to this today but will try to do so early next week. We are still running on 3.0.1-5 so our notes will need to be heavily adapted for the latest x2goserver - John <snip> I'll reply privately to not burden the list - John
Hi BUGHUNTER,
On Do 15 Mär 2012 12:58:41 CET BUGHUNTER wrote:
I need instructions for how to setup a chroot environment on the server - I found this old discussion:
The TCE is a thin client system (lying in a chroot) that can be booted
via PXE/NFS. The chroot is the rootfs of the netbootet thin client.
but this seems to be a tool for setting up chroot on the CLIENT side? Seems to be a different use case.
Yes.
What I want:
I would like to chroot users that logged into the server via x2go client to see only files in their home directory (or inside their "jail") - what is the recommended + most efficient way of doing this with the least administrative overhead? - mind the updates! - so recompiling jail binaries after every update of relevant software should happen automatically, most preferable solution would be:
Have you taken a look at the generic schroot (package name) tool? For
X2Go you will have to run install one X2Go server per chroot and run
one SSHd per chroot, I guess. So that is: many SSH ports, one for each
chroot.
apt-get install x2go-server-chroot x2go-create-chroot /home/user
Nothing like this exists, yet. If you aim at working on such a thing,
then please contribute it to the project.
I know, that John Sullivan offers a software service designed like you
suggest, based on VServer.
without any needed (or minimal) additional interaction after future updates so that your jail is always uptodate after an apt-get update.
Big goal...
does this exist?
No, not yet. But soon???
if not, how to create it?
THANK you very much for your attention, Bughunter
Will be happy to help you with your issues. If you start working on
actual code, let's move the discussion to the x2go-dev ML.
BTW search for x2go +chroot with Google to see how small the internet can be ;)
Right...
Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
-
BUGHUNTER -
John A. Sullivan III -
Mike Gabriel