[X2Go-Commits] page added: wiki:security:rbash

wiki-admin at x2go.org wiki-admin at x2go.org
Sun Oct 26 19:14:27 CET 2014


A page in your DokuWiki was added or changed. Here are the details:

Date        : 2014/10/26 18:14
Browser     : Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36
IP-Address  : 78.52.193.201
Hostname    : f052193201.adsl.alicedsl.de
Old Revision: ---
New Revision: http://wiki.x2go.org/doku.php/wiki:security:rbash
Edit Summary: created
User        : woglinde

The way x2go works, allows every user to get a ssh access to the x2go server.

This can be a big problem when, you can not use the broker, to prevent certain actions on
the server. The users can browse the x2go-server and have the access to nearly all directiores.

There are serval options to prevent the user doing it. One would be the use of selinux, but it is hard to understand
and hard to setup correctly. Another option is the use of rbash, but with the current state of x2go-server there
are serval steps so setup it up working correctly.

=
rbash short feature overview =

rbash has some intressting features:

* cd is disabled
* no redirections via > and >> are allowed
* no calls of binaries via complete path
* no changes on the PATH variable are allowed

But be aware, if rbash detects that a executebale is a shell-script it will disable all the feature 




-- 
This mail was generated by DokuWiki at
http://wiki.x2go.org/



More information about the x2go-commits mailing list