[X2go-dev] Use case for an x2go user-group
Heinz-M. Graesing
x2go-dev at x2go.org
Mon Feb 21 09:13:39 CET 2011
Hello Mike,
hello list,
Am 20.02.2011 10:48, schrieb Mike Gabriel:
> So, @Heinz and/or Alex: Could you please give your opinion on this
> discussion rather sooner than later?
The x2go usergroup was used to restrict the access to "x2gopgwrapper".
This main use case is no longer existant, because of the changes made to
the postgres database handling.
If you want to deny users access to a server, it is a better idea to
think about a more complete solution, as users outside this group still
can have access via ssh (-X).
As the main purpose of this construction is no longer needed, we should
not keep it alive. Allowing users to run applications as another user is
always a great security issue.
As Alex and I have discussed this topic, we've come to the conclusion to
drop the need of the group and sudo at all.
This leads to the following suggestions:
You should use pgsql backend in all cases except home,
(very) small office network or VM pools where each user has his own VM.
So in future there will be:
1. no need to have sudo entry.
2. no need to have 'x2gousers' group
3. no need to insert users in 'x2gousers' group
This will also solve a Bug on debian edu:
http://www.mail-archive.com/debian-edu@lists.debian.org/msg19665.html
Best Regards,
Alex & Heinz
More information about the x2go-dev
mailing list