[X2go-dev] sudo permissions?

Rob Lemley roblemley at gmail.com
Tue Oct 5 11:34:17 CEST 2010 

Hello Oleksandr,

Please understand that I am trying to offer constructive criticism.
Any time I see something that runs as root, I try to figure out why,
and if possible run it as a non-privileged user. From a sysadmin point
of view, I would much prefer that a piece of software that I install
create a new user on my system than allow any user to run a script as
root.

I see what you mean with the shadow sessions. May I suggest a second
wrapper script for cases like this?

User permissions and security are rarely simple, and safeguards can
quickly overwhelm the original scope of the situation. Sometimes all
we can do is minimize the risk/exposure, and that is all I am looking
to do here.

Thank you for your hard work on x2go.

-rob


On Tue, Oct 5, 2010 at 12:37 AM, Oleksandr Shneyder
<oleksandr.shneyder at obviously-nice.de> wrote:
> Hello Rob, list
>
> In multi-user environment session informations of all users are stored
> in one data base table. If we granting access to this table for all
> users, each user will be able to view or change data of other users,
> that's unacceptable. Using sudo we can give access for user only to his
> own data. It's simplest way we have found to protect data of other
> users. In postgresql we could use views, but not all DBMS have such
> mechanisms. We cannot although create single table for every user,
> because all users should know which DISPLAYs/ports are currently in use
> by other users.
>
> Rob you are right. The user which execute sql queries not necessarily
> should be root. As you can see, in x2gopgwrapper.local all queries are
> executed with user postgres. We could make same changes in
> x2gopgwrapper_local and x2gopgwrapper_net, but wee need to add a new
> user into a system (as user "x2go" in your example). Unfortunately since
> x2goserver version 3_0.1-9
> (http://x2go.obviously-nice.de/deb/pool-heuler/x2goserver/)
> there is one more reason to run x2gopgwrapper as root. Running with
> argument "startshadowagent" x2gopgwrapper should start x2gostartagent as
> user which desktop will be displayed. I don't see the simple way to do
> this without root privileges.
>
>
> Rob Lemley schrieb:
>> Hey John,
>>
>> I double-triple checked again, and tried a session myself that mounted
>> my desktop with my changes. No issues.
>>
>> The only script that gets called with sudo is x2gopgwrapper. It's the
>> only script that can get called as it's the only entry added to the
>> sudoers file.
>>
>> x2gopgwrapper calls one of x2pgwrapper_local, x2pgwrapper_sqlite, or
>> x2pgwrapper_net. That's all it does. Those scripts are a giant case
>> blocks that only runs sql queries against a database.  In the case of
>> sqlite you need to assume the id of the sqlite database file owner. (I
>> thought about making the file group-writable, but chose not to go that
>> direction. With the sudoers entry and the script there's some level of
>> protection from average-joe user mangling the database.) As for
>> postgres, it's the same idea. It can authenticate by userid with the
>> right entry in pg_hba.conf (?? right filename??)
>>
>> The mounting and unmounting seems to be done through fuse so the only
>> privilege needed is to be a member of the fuse group.  The
>> x2gocleansessions process started by init will unmount a fuse mounted
>> directory if it finds a stale session, but that is running as root so
>> there's no issue there.
>>
>> Enjoy the rest of your getaway!
>>
>> -rob
>>
>>
>> <snip>
>> On Sat, Oct 2, 2010 at 9:56 AM, John A. Sullivan III
>> <jsullivan at opensourcedevel.com> wrote:
>>> <snip>
>>> Hi, Rob.  I'm on a getaway with the family and "sneaking" this in so I
>>> may be remembering the details incorrectly :)
>>>
>>> You may want to trace all the other scripts which are invoked as part of
>>> the process, especially x2gomount_sessions and x2goumount_sessions.
>>> These may need root access - I'm not sure - John
>>>
>>
>> Hey John,
>> _______________________________________________
>> X2go-dev mailing list
>> X2go-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/x2go-dev
>
>
> --
> Oleksandr Shneyder
> Dipl. Informatik
> X2go Core Developer Team
>
> email:  oleksandr.shneyder at obviously-nice.de
> web: www.obviously-nice.de
>
> --> X2go - everywhere at home
>
>
> _______________________________________________
> X2go-dev mailing list
> X2go-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-dev
>
>

More information about the x2go-dev mailing list