[X2Go-Dev] x2go "group policies" (was Re: Published Applications)

[Oleksandr Shneyder]

Am 20.04.2012 11:12, schrieb Moritz Struebe:
> On 2012-04-20 10:52, Denis Cardon wrote:
>> one thing I am missing from nx is in fact the nxacl file. It allowed
>> me to setup access rights depending no the source ip and login of
>> users and time of the day. For example I have one group of user that
>> can login from the internal network only, while another group of road
>> warriors that can log both from local or remote location. It is very
>> cumbersome to do at the ssh level, and the nxacl file was very handy
>> to do this. Perhaps there is a way to reproduce this behavior in x2go,
>> and sorry if I missed it.
>>
>> On the file ACL point of view, I thing the
>> apparmor/selinux/nameyourown framework way to be much more clean. I
>> don't like much the idea to change ACL on programs because of
>> maintainability, for example on software upgrade and all (and IMHO
>> security needs maintainability), and I think a broader framework to be
>> more suitable (no opinion on which one).
>>
> 
> Again, due to the way x2go works it is not possible to enforce this.
> x2go is just a very efficient way of "ssh -X". If it wasn't for
> maintainability, we could even get rid of the sqlite database and start
> the x2go manually.
> 
> Morty

+1
The main idea of X2Go is to use existing UNIX tools for data transport,
authentication, access control, etc. This is why we decided to develop
X2Go and not to improve, for example, freenx.

Any Idea to provide something like nxacl will be refused.

Regards,
Alex
-- 
Oleksandr Shneyder
Dipl. Informatik
X2go Core Developer Team

email:  oleksandr.shneyder at obviously-nice.de
web: www.obviously-nice.de

--> X2go - everywhere at home

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20120420/ece9858d/attachment.pgp>