[X2Go-Dev] Bug#372: Bug#372: x2goadmin writes to users homes

Mon Dec 16 08:34:34 CET 2013

Hi Reinhard,

On  So 15 Dez 2013 01:13:35 CET, Reinhard Tartler wrote:

> Package: x2goserver
> Severity: serious
>
> Hi,
>
> my understanding of the x2goadmin code [code], end of sub add_user, is
> that the code tries to write the sql password in users homes. This
> will fail for installations that have the user homes on NFS with the
> option "rootsquash" mounted.
>
> I set the severity to "serious" because I imagine that this is a
> rather common scenario.
>
> Also, this approach has another problem: Imagine you want to give
> access to the unix group "staff"? According to the documentation, you
> can use the options "--addgroup" and "--rmgroup" for this. What if a
> new employee joins the company later and wants to use x2go? In this
> case you need to call x2godbadmin for this new user again, which is
> suboptimal.
>
> Is there really no way to get around generated user passwords?
>
> [code]  
> http://code.x2go.org/gitweb?p=x2goserver.git;a=blob;f=x2goserver/sbin/x2godbadmin

I install x2goserver on the file servers and run x2godbadmin there  
daily in a cron job.

If you have distributed file servers, one should test for the $HOME to  
be accessible in x2godbadmin.

If needed, we could split out x2godbadmin from the x2goserver package  
and provide it as a standalone package.

As this is a workaround and not a solution to your question above,  
let's see if Alex has a comment on this.

Mike
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20131216/29268e9e/attachment.pgp>