[X2Go-Commits] page changed: wiki:advanced:multi-node:x2goserver-pgsql

wiki-admin at x2go.org wiki-admin at x2go.org
Tue Mar 12 21:35:06 CET 2013


A page in your DokuWiki was added or changed. Here are the details:

Date        : 2013/03/12 20:35
Browser     : Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1
IP-Address  : 46.142.148.41
Hostname    : 41-148-142-46.pool.kielnet.net
Old Revision: http://wiki.x2go.org/doku.php/wiki:advanced:multi-node:x2goserver-pgsql?rev=1362749499
New Revision: http://wiki.x2go.org/doku.php/wiki:advanced:multi-node:x2goserver-pgsql
Edit Summary: 
User        : sunweaver

@@ -1,27 +1,26 @@
- ====== Installation: X2go Server with PostgreSQL database backend ======
+ ====== Installation: X2Go Server with PostgreSQL database backend ======
  
- <note>This wiki page explains how you can configure X2Go with PostgreSQL as database backend. However, this is only recommended for sites that run more than one X2go server (X2go server clusters). If you have one standalone X2Go server then please use the SQLite database backend (which is the default after installing of the
''x2goserver'' package).</note>
+ **Note:** This wiki page explains how you can configure X2Go with PostgreSQL as database backend. However, this is only recommended for sites that run more than one X2Go Server (X2Go multi-node farms). 
  
- Changes since x2goserver v3.0.99.x:
+ If you have one standalone X2Go server then please use the SQLite database backend (which is the default after installation of the ''x2goserver'' package).
  
- The ''sudo'' command is no longer required by ''x2goserver'' to neither contact the
- SQLite database (installation default) nor the PostgreSQL database. Since v3.0.99.x 
- PostgreSQL views and rules are used to restrict users from modifying or accessing 
- data of other users.
+ With X2Go Server v3.0.99.0 the whole session database backend code had been fully rewritten due to a serious security issue that had been brought up by Morty, Reinhard and Arw. Sind then, the ''sudo'' command is no longer required by ''x2goserver'' to neither contact the
+
SQLite database (installation default) nor the PostgreSQL database. Since v3.0.99.x PostgreSQL views and rules are used to restrict users from modifying or accessing data of other users.
  
- For accessing the X2go/PostgreSQL database Perl DBI has been used in x2goserver.
+ For accessing the X2Go/PostgreSQL database X2Go Server uses the Perl DBI package.
+ 
+ ===== Preparations =====
  
- __Preparations:__
  
    * configure PostgreSQL server to enable TCP connections from your X2go server host
    * configure PostgreSQL server for md5 authentication for users from x2goserver in 
  
  <code>
  /etc/postgresql/(version)/main/pg_hba.conf
  </code>
  
- __Example:__
+ **Example:**
  
  <code>
  # IPv4 local connections:
  
@@ -59,9 +58,10 @@
  postgres=# \q
  
  </code>
  
- __Database configuration in file /etc/x2go/x2gosql/sql:__
+ ==== Database configuration in file /etc/x2go/x2gosql/sql ====
+ 
  
  <code>
  #postgres or sqlite
  backend=postgres
@@ -80,9 +80,10 @@
  #default -
prefer
  ssl=prefer
  </code>
  
- Database administration using ''/usr/lib/x2go/script/x2godbadmin'' (on X2go server).
+ === Database administration using ''/usr/lib/x2go/script/x2godbadmin'' (on X2Go Server) ===
+ 
  
  <code>
  $ /usr/lib/x2go/script/x2godbadmin --help
  X2Go SQL admin interface. Use it to create x2go database and insert or
@@ -110,44 +111,6 @@
  $ x2godbadmin --addgroup x2gousers
  </code>
  
  After that step users can create x2go sessions.
- 
- ====== Installation (for x2goserver < 3.0.99.x - old code, please upgrade your x2goserver) ======
- :!: **Before you begin!** -> Note that you are using old and insecure code... Please upgrade to a current version of x2goserver.
- 
- //The following documentation only exists for historical reference and it will be removed soon from this wiki.//
- 
- 
- Please make sure that you have added the x2go repository to your package management system. The required steps are described [[:wiki:x2go-repository-debian|here]]! You'll
further need to have some experience with x2goprint and maybe x2goserver.
- If you want to use an already existent PostgreSQL database server in your network, you'll need to allow the x2goserver(s) access to the database server.
- First of all, you'll need to tell the address of the target server to every x2goserver:
- 
- <code>
- # echo -n <ip_or_hostname_of_postgres_server> > /etc/x2go/sql
- </code>
- 
- Furthermore you'll need to allow “passwordless” authentication via SSH keys. Please don't add a “paraphrase” to the generated key:
- 
- <code>
- # mkdir /root/.x2go/ssh/.pg
- # ssh-keygen -t dsa -f /root/.x2go/ssh/.pg/id_dsa
- </code>
- 
- To copy the public part of the key to the PostgreSQL server, you may use the “ssh-copy-id” command to combine transfer and paste command, or you can paste the key after transferring it by yourself (make sure file permissions for SSH key authentication are set correctly):
- 
- <code>
- # mkdir -p ~postgres/.ssh/
- # cat id_dsa-pub >>
~postgres/.ssh/authorized_keys
- # chown -Rf postgres:postgres ~postgres/.ssh
- # chmod -Rf go-rwx ~postgres/.ssh
- </code>
- 
- You can test the needed connection by entering following command:
- 
- <code>
- # ssh -i /root/.x2go/ssh/.pg/id_dsa postgres at server
- </code>
- 
- You'll also need to run the “x2gocreatebase.sh” script as described before on the database server to create the needed instance.
  
  



-- 
This mail was generated by DokuWiki at
http://wiki.x2go.org/




More information about the x2go-commits mailing list