Hi All:
Is there a way to call a logout script (i.e., one that is specific to each user upon ending a session)? In Ubuntu Server 10.4 we've tried various things including .bash_logout and /etc/gdm/PostSession/Default either performing a command or calling .bash_logout.
The "/etc/gdm/PostSession/Default" works if we log in directly, so assume this has something to do with xsession(?) and hope there is a way in an x2go session where when the user logs out, a script gets called in the background.
Thanks!
Hi,
On Fr 24 Feb 2012 14:21:55 CET wrote:
Hi All:
Is there a way to call a logout script (i.e., one that is specific
to each user upon ending a session)? In Ubuntu Server 10.4 we've
tried various things including .bash_logout and
/etc/gdm/PostSession/Default either performing a command or calling
.bash_logout.
Approach one (for system-wide plugging-in of custom X2Go extensions):
Install the package x2goserver-extensions (normally gets installed by
default).
Place any script you like (best practice: via a .deb package) into any
of the folders:
/usr/lib/x2go/extensions/pre-start.d /usr/lib/x2go/extensions/post-resume.d /usr/lib/x2go/extensions/post-suspend.d /usr/lib/x2go/extensions/pre-runcommand.d /usr/lib/x2go/extensions/pre-terminate.d /usr/lib/x2go/extensions/fail-start.d /usr/lib/x2go/extensions/pre-suspend.d /usr/lib/x2go/extensions/fail-runcommand.d /usr/lib/x2go/extensions/fail-suspend.d /usr/lib/x2go/extensions/post-start.d /usr/lib/x2go/extensions/post-runcommand.d /usr/lib/x2go/extensions/fail-resume.d /usr/lib/x2go/extensions/post-terminate.d /usr/lib/x2go/extensions/pre-resume.d /usr/lib/x2go/extensions/fail-terminate.d
Approach two (developers, please take note of this commit!): http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=a21e0dc286c89e94...
The "/etc/gdm/PostSession/Default" works if we log in directly, so
assume this has something to do with xsession(?) and hope there is a
way in an x2go session where when the user logs out, a script gets
called in the background.
The named GDM script is out of our reach when running X2Go sessions.
:-(, it is not related to .Xsession calls.
Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
Hi All:
We've been trying to find a way to lock down bash once an x2go session has started to prevent (either by accident or on purpose) use of the command prompt to cause mischief as we want to use x2go on Internet exposed servers . A few follow ups:
- Progress to date
We can accomplish a sort of bash lock down if we start an x2go session from a PC, and then manually as root (sudo su) on the server run a script that creates a folder in the active x2go users home, replace that user's .bashrc file with one that has a new path value, and create a link from bash to the folder. This doesn't disrupt the user's session, and disables most commands in gnome-terminal (users can do "cd" commands but no "ls" and can't do "./" to start scripts; users can still create .sh files and double click on them: we are using Ubuntu Server 10.4).
We've tried to find a way to automate all of this, including using .bash* files to call a script enabled in visudo to run as root. This doesn't work we think because while the called script has root privileges, it is still really being run as the x2go user with root privileges and as best we can tell, the script needs to run as root itself, not the x2go user. We get error messages and the session login doesn't complete which makes sense. We tried using a test to look for a complete login and then run the script but think that's further evidence the script needs to be run as root not the x2go user with root privileges to that script.
We've tried various ways to switch to root inside of the script, and this may be possible but no joy so far (including various errors that there is no tty or that su doesn't run inside of a terminal), and this this whole approach is probably flawed in terms the security issues we want to address....
- One Test
We tried putting a simple script with one command "touch ~/Desktop/Iwashere" in some of the extension folders suggested below:
/usr/lib/x2go/extensions/pre-start.d /usr/lib/x2go/extensions/post-runcommand.d /usr/lib/x2go/extensions/post-terminate.d /usr/lib/x2go/extensions/post-start.d
and as best we can the script doesn't get executed. There is a ".profile" in each of the extension folders - we tried putting the command in those files without success, whether we enable the executable bit or not.
- Q:
Is there a better approach to all of this? Or... Is there a way from the x2go code, to call our script as root "at the right time" after a user session has started but before the desktop, and call another one on logout to put the .bash* file back again so the logout can complete smoothly? Or... Is there a way outside of x2go anyone has used to do this sort of thing...detect that a new session has started, run a script etc.
It would seem that this would be best handled within x2go code, but happy to be wrong about that.
Also, even if this gets accomplished, we think we'll still have to address use the command prompt through ssh....
Any suggestions appreciated! Thanks,
Ted
-----Original Message----- From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> To: x2go-user <x2go-user@lists.berlios.de> Cc: x2go-dev <x2go-dev@lists.berlios.de> Sent: Fri, Feb 24, 2012 4:10 pm Subject: [X2Go-User] [SOLVED] Re: Call logout script
Hi,
On Fr 24 Feb 2012 14:21:55 CET wrote:
Hi All:
Is there a way to call a logout script (i.e., one that is specific
to each user upon ending a session)? In Ubuntu Server 10.4 we've
tried various things including .bash_logout and
/etc/gdm/PostSession/Default either performing a command or calling
.bash_logout.
Approach one (for system-wide plugging-in of custom X2Go extensions):
Install the package x2goserver-extensions (normally gets installed by
default).
Place any script you like (best practice: via a .deb package) into any
of the folders:
/usr/lib/x2go/extensions/pre-start.d /usr/lib/x2go/extensions/post-resume.d /usr/lib/x2go/extensions/post-suspend.d /usr/lib/x2go/extensions/pre-runcommand.d /usr/lib/x2go/extensions/pre-terminate.d /usr/lib/x2go/extensions/fail-start.d /usr/lib/x2go/extensions/pre-suspend.d /usr/lib/x2go/extensions/fail-runcommand.d /usr/lib/x2go/extensions/fail-suspend.d /usr/lib/x2go/extensions/post-start.d /usr/lib/x2go/extensions/post-runcommand.d /usr/lib/x2go/extensions/fail-resume.d /usr/lib/x2go/extensions/post-terminate.d /usr/lib/x2go/extensions/pre-resume.d /usr/lib/x2go/extensions/fail-terminate.d
Approach two (developers, please take note of this commit!): http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=a21e0dc286c89e94...
The "/etc/gdm/PostSession/Default" works if we log in directly, so
assume this has something to do with xsession(?) and hope there is a
way in an x2go session where when the user logs out, a script gets
called in the background.
The named GDM script is out of our reach when running X2Go sessions.
:-(, it is not related to .Xsession calls.
Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
X2Go-User mailing list X2Go-User@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-user
Hi Ted,
On Mi 29 Feb 2012 13:43:32 CET wrote:
We can accomplish a sort of bash lock down if we start an x2go
session from a PC, and then manually as root (sudo su) on the
server run a script that creates a folder in the active x2go users
home, replace that user's .bashrc file with one that has a new path
value, and create a link from bash to the folder. This doesn't
disrupt the user's session, and disables most commands in
gnome-terminal (users can do "cd" commands but no "ls" and can't do
"./" to start scripts; users can still create .sh files and double
click on them: we are using Ubuntu Server 10.4).
can a restricted user call ''bash'' on the command line??? This used
to be possible in older times... I'd rather suggest working into the
direction of using /bin/true instead of /bin/rbash.
I haven't looked any deeper into your approach (lack of time) sorry,
but an upstream/mainstream solution for X2Go would rather be a system
without the possibility of calling a shell.
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
Hi Ted,
On Mi 29 Feb 2012 13:43:32 CET wrote:
- One Test
We tried putting a simple script with one command "touch
~/Desktop/Iwashere" in some of the extension folders suggested below:/usr/lib/x2go/extensions/pre-start.d /usr/lib/x2go/extensions/post-runcommand.d /usr/lib/x2go/extensions/post-terminate.d /usr/lib/x2go/extensions/post-start.d
and as best we can the script doesn't get executed. There is a
".profile" in each of the extension folders - we tried putting the
command in those files without success, whether we enable the
executable bit or not.
Please make sure your scripts fulfull 2 requirements:
/usr/lib/x2go/extensions/post-terminate.d/<my-script>
has to be executable...
AND
The naming scheme is of <my-script> has to be...
<123>_<some-name>
where <123> is a three digit number...
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
-
Mike Gabriel -
senrabdet@aol.com