[X2Go-User] x2go sessions

[Stefan Baur]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am 22.10.2014 um 12:09 schrieb Magnus Hagdorn:

> is there a way I can limit the session types I offer to x2go
> clients? I would like to stop users from using gnome/kde sessions
> and get them to use icewm instead. I do realise that if they know
> how to they could simply execute the relevant session program
> directly. I'd just like to make the default session sane.

Unix filesystem permissions / group membership on the actual executables?

That way, they can still select something else, but it just won't work.

If you want to lock them to a specific session profile, either place
x2goclient and its config file on a read-only network share and use
the --no-session-edit parameter, or use LDAP or the broker (for the
latter two, Heinz, Mike#1 and Alex should be able to tell you more - I
haven't toyed around with it myself yet, but from what I hear from the
guys, it offers that functionality).

Note that this doesn't protect against a custom X2Go client with a
different setup, if the user has a chance to store the executable and
config somewhere else.  Only filesystem permissions and group
membership will do that.

- -Stefan

- -- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUR4RQAAoJEG7d9BjNvlEZ8bIH/jT/NvN8eKvo7GLxt3IXniPT
uq0Dk37iAUEOizZh5VL0FEbg048ROWFkedkmFzHSjYp82Fid05LvUFJ0L4AapNe1
L39PFrLwTcTEKDIMD6iz0ZdgikX4ivzuaW6KJJyOfwf8zN2CrDnDPrxa4YClcQtu
VbXkc1iOgwPYMxLgugDcU1E8LguacDvGBqrBAd8TyPHzfPboojWOjONJojYH8yBo
iLsDoo+54sIY6HqhotyVs0NhPSZtSnrIOr4ncNYIW6ZKz3NRAMt01VkOEEDqPpHs
RB1+Y0nHHJ/tlRKLqDIxEi7ComUJkNNPY0mgCMt++JOvIeNEDtpjbwFKciUbCWw=
=HrPl
-----END PGP SIGNATURE-----