[X2Go-Dev] Published Applications
Stefan Baur
newsgroups.mail2 at stefanbaur.de
Fri Apr 20 14:03:45 CEST 2012
Am 20.04.2012 13:57, schrieb Vasilica Petcu:
> Ok... So I see that my questions turned on the heating :)
Popcorn anyone? ;-) Or ice-cream? ;-)
> 1) It is possible to restrict users/groups access to "published
> applications" with Extended Attributes...
>
> But I still have a question about that...
> In a clustered environment, the Extended Attributes on all machine
> suppose to be the same... right ?
I don't have experience with clusters, but I'd say, if EAs (or more
generally speaking, file ownership/permissions) don't match across
individual cluster members, your cluster is somehow out of sync, which
sounds bad.
> 2) User access to only "published applications" can be achieved only if
> it doesn't exist a Desktop Environment...
To sum it up, you can:
- opt to not install a DE at all
- limit access to it via file system attributes (make e.g. startkde
executable only for owner and a specific group, and only add users that
are supposed to run startkde to this group)
- limit access to it via apparmor/SELinux etc., as suggested by Mike.
-Stefan
More information about the x2go-dev
mailing list