[X2Go-User] x2go + chroot

[BUGHUNTER]

Hello Mike,

> I try to hear what you aim at... My guess: one central installation of
> X2Go and a desktop shell (GNOME, KDE, ...) or single applications.  

yes, that is right!

> Whereas the software rests in one single installations each user is  
> presented with his/her own chroot.

Having to setup applications for each user would be pita I think...

> How about installing X2Go + applications on the server and then  
> setting up a chroot with --bind mounts and tmpfs directories. Each  
> chroot jail will have _one_ homedir and ,,linked-in''-FHS-compliant  
> directories.

well, how exactly the chroot should be setup so that everything works?

> Tricky approach this will be...

if there is no best-practice in doing this already: how are people
preventing users from walking up the directory tree?

One might argue that a chroot is not really needed (if you have no
problem with users reading your /etc - why not) or e.g. SELinux might
be the better way to setup tighter server-side security precautions -
I am open to any solution, but I will prefer the one that is already
in use somewhere and is best supported by x2go developers. I would not
like to live on an island with this - should be easily reproducable
and no super-specialized ultra-individual setup... ;)

Looks for me like best solution would be if x2go-server had a chroot
feature, like e.g. ftp daemons - all other solutions look like
maintenance hell. Any chance in getting this on the development road
map? If it is tricky (certainly it is!) - this is one more argument
for doing it the right way once and forever... one config variable

chroot-users=yes

and everybody will go crazy :)))

Thanks for your attention,
Bughunter