[X2Go-Dev] x2go "group policies" (was Re: Published Applications)
Moritz Struebe
Moritz.Struebe at informatik.uni-erlangen.de
Fri Apr 20 11:12:37 CEST 2012
On 2012-04-20 10:52, Denis Cardon wrote:
> one thing I am missing from nx is in fact the nxacl file. It allowed
> me to setup access rights depending no the source ip and login of
> users and time of the day. For example I have one group of user that
> can login from the internal network only, while another group of road
> warriors that can log both from local or remote location. It is very
> cumbersome to do at the ssh level, and the nxacl file was very handy
> to do this. Perhaps there is a way to reproduce this behavior in x2go,
> and sorry if I missed it.
>
> On the file ACL point of view, I thing the
> apparmor/selinux/nameyourown framework way to be much more clean. I
> don't like much the idea to change ACL on programs because of
> maintainability, for example on software upgrade and all (and IMHO
> security needs maintainability), and I think a broader framework to be
> more suitable (no opinion on which one).
>
Again, due to the way x2go works it is not possible to enforce this.
x2go is just a very efficient way of "ssh -X". If it wasn't for
maintainability, we could even get rid of the sqlite database and start
the x2go manually.
Morty
--
Dipl.-Ing. Moritz 'Morty' Struebe (Wissenschaftlicher Mitarbeiter)
Lehrstuhl für Informatik 4 (Verteilte Systeme und Betriebssysteme)
Friedrich-Alexander-Universität Erlangen-Nürnberg
Martensstr. 1
91058 Erlangen
Tel : +49 9131 85-25419
Fax : +49 9131 85-28732
eMail : struebe at informatik.uni-erlangen.de
WWW : http://www4.informatik.uni-erlangen.de/~morty
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4992 bytes
Desc: S/MIME Kryptografische Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20120420/ae721fa7/attachment.bin>
More information about the x2go-dev
mailing list