[X2go-Dev] x2goserver package with setuidwrapper
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Mon Jul 18 17:59:20 CEST 2011
Hi Morty, hi Reinhard,
On Mo 18 Jul 2011 17:12:55 CEST Moritz Struebe wrote:
> On 2011-07-18 15:43, Mike Gabriel wrote:
>>>
>>> owner: root
>>
>> doesn't that conflict with the setuid bit?
>
> Damn. Stupid me!
>
>>
>> -> owner: x2gouser
>> -> + setuid bit
>>
>>> group: x2gouser
>>> chmod g+rx,g-w
>>> (Same for the directory containing the file.....)
>>
>> So how can we set permissions with setuid and owner=root?
>
>
> Should be possible using the group-S-bit -> keep the user, but make the
> database writeable to the x2gouser-group.
>
> Any objections? Did I think to short-sighted again?
Yes, this works!!! And everything belongs to root afterwards (setuid
wrapper, x2gosqlitewrapper.pl, x2go_sessions db, etc.
And/but it also reintroduces the group checking (X2go users must be in
group x2gousers).
I would also be happy about a comment on this by Arw...
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110718/d2e5daf6/attachment.pgp>
More information about the x2go-dev
mailing list