[X2go-dev] Wishlist: x2gofeatures query before session start
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Mon Mar 21 09:44:50 CET 2011
Hi Morty,
On Mo 21 Mär 2011 08:52:04 CET Moritz Struebe wrote:
> On 2011-03-20 16:01, Mike Gabriel wrote:
>>> The right way of doing this, would be to the learn about Linux system
>>> administration and use the sufficient tools already provided to you
>>> (e.g. ACLs). Everything else creates false feeling of security.
>>
>> What exactly are you aiming at?
>
> I am aiming at x2go-client/server being the wrong place to do rights
> management. IMO if someone tires to start an x2go session, who is not
> allowed to do so, should fail starting the server and get a notice of
> this. I don't see any reason for handshaking, unless this has something
> to do with x2go. And IMO rights management isn't.
>
> But that's my opinion.
I share your opinion. So there are two parts of such a feature...
1. control management through the available posix etc. mechanisms
2. a script x2gofeatures, that can tell the client what is allowed and what
not: if the server can tell the client what's possible and what not the
session start up will be much faster compared to stumbling over a couple
of session errors during session handshakes
Would apparmor be one way to go? Do you already have a clearer idea
how you would tighten up a system?
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110321/5366a88b/attachment.pgp>
More information about the x2go-dev
mailing list