[X2Go-User] x2go sessions
Hi there, is there a way I can limit the session types I offer to x2go clients? I would like to stop users from using gnome/kde sessions and get them to use icewm instead. I do realise that if they know how to they could simply execute the relevant session program directly. I'd just like to make the default session sane. Cheers magnus -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
[X2Go-User] Security setup on server with x2go
Hello, I would like to ask experienced users, how they solve security topics on their x2go servers. I have the server where users are allowed to start only very a limited set of commands through ssh. I am using sshd_config option ForceCommand which allows to start only /usr/local/bin/check_ssh_cmd where I test SSH_ORIGINAL_COMMAND. Everything works fine so far. Now I need to allow users to start also some commands through x2goclient. The problem is that in order x2go to work I need to allow also every single command which is sent by x2goclient. I tried to track what is being sent and there are a lot of commands like 'sh -c echo X2GODATABEGIN: ... echo X2GODATAEND'. So the question is, how to write the rules in check_ssh_cmd wrapper script. If I would allow any command containing X2GODATABEGIN and X2GODATAEND, it would probably work, but my security setup of ssh would be broken, because somebody who knows, how x2go internally works, could sent his own commands wrapped in X2GODATABEGIN and X2GODATAEND. What would you recommend? Any sugestions are appreciated. Pavel ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
[X2Go-User] restricting access to published applications
Hi! Is there a chance to restrict access to x2go server to only published applications sessions in the way that a user can only establish x2go published applications sessions but no desktop session? Thankfully Yours! Bernhard -- ## Preisträger Constantinus-Preis 2012 Nutzen Sie auch unsere Apps für Android: Übersicht über alle deutschen ICD10-Codes: https://play.google.com/store/apps/details?id=net.eaustria.icd10.release Alle Arzneimittel und Medikamenten direkt am Smartphone: https://play.google.com/store/apps/details?id=net.eaustria.eaustria_medication.app ## Dr. Bernhard J. Mayr, MBA Projektkoordinator elexis-austria | Freie Software für freie Berufe Tulpenweg 10 4600 Wels, Austria Tel.: +43(0)660 31 96 763 E-Mail: bernhard.m...@elexis-austria.net www: www.elexis-austria.net www: www.arztsoftware.it fb: www.facebook.com/elexis-austria youtube: www.youtube.com/elexisaustria attachment: bernhard_mayr.vcf___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] restricting access to published applications
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 22.10.2014 um 12:46 schrieb Bernhard J. Mayr: Is there a chance to restrict access to x2go server to only published applications sessions in the way that a user can only establish x2go published applications sessions but no desktop session? The safest way (as in actually denying access, rather than just hiding it) is to use unix file system permissions and group memberships. Make sure your users are in a certain group, make sure this group has the rights to execute the published applications, but remove the right from the desktop session starter executables. - -Stefan - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUR446AAoJEG7d9BjNvlEZIssH/2xHlOayYpOP6/R7ef9XJmhd lJhgvlaLmVWOfJBwir1F13uNYBdW1/zReD2Za7gUpy33VZ+TYhI+N+aKkmmqhNKA clvj+LDuulpojWUsn1nbjrYYiYaxsSJckyq2y7yMz0VDqDY9dr0DNDtjO4DGUlwH nScYsdBBcv2rH2zYG9XIakwVegxUg6b1PGgo10aDxk1IRB2QHBHYJ4/tmu0OIbnZ PlgcwM4uXEreTVdXbSYTtGd/I44PB4D7F5wYN1l89aA+ben9DFEDVFDKmrcA69Ph MZ2LjlOsHHNrDWAiFm2IDUiHXx4I8zquPRbFt+R1oCtXLswFGEzsYugiCmsVjZE= =M9IF -END PGP SIGNATURE- ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] x2go-user Digest, Vol 6, Issue 19
I installed the latest version and it worked, thanks! On 10/22/2014 04:05 AM, Mike Gabriel wrote: On Di 21 Okt 2014 15:55:06 CEST, Tom McManus wrote: Running 4.0.2.1 version gives error: Can't start X server Please check settings X11 application: /Applications/Utilities/XQuartz.app X11 version: 0.0.0 Any ideas? Thanks! Sounds like XQuartz is not installed... Please get XQuartz and install it. Mike The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail. ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] restricting access to published applications
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 22.10.2014 um 13:00 schrieb Stefan Baur: Is there a chance to restrict access to x2go server to only published applications sessions in the way that a user can only establish x2go published applications sessions but no desktop session? The safest way (as in actually denying access, rather than just hiding it) is to use unix file system permissions and group memberships. Make sure your users are in a certain group, make sure this group has the rights to execute the published applications, but remove the right from the desktop session starter executables. Addendum: Of course, if you do not need a full desktop environment at all, you could also go ahead and uninstall it. X2Go in PubApp/Single App mode will run just fine without one. - -Stefan - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUR49uAAoJEG7d9BjNvlEZ+fAH/jxScYtvb2kEn9skEeFncl0I LxD31UmZIEtLA1Fg3up0M7LVZvCG0ft+IRPJ+IvVUTCmJIYTmIg5baaExk4aD35w GpHE2jT5eCJtvSdbCuYaVndA2DkpVIRLZECkWmKwaYUvXJnNXwWM8dNDtJulpfoh Hmtg8cjnlXyz++lBmNJD9TZBbh/KXhSRuf5Gizmbyxoni/rWdsReplDNhBUJYx5t yEO+iEAtrpPk5APQfANTqKsHPZdvdxfG0yPaI8KDvVTBAgtfHDprjLnr5CKy2Yog +8Vr5cPI8Sn7drq3fQPfCperPnMcB3hwOOPCCW5BVXpHhTWUmY+VWxVCbuca9Bs= =d14E -END PGP SIGNATURE- ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
[X2Go-User] x2go 4.0.3.0.client for OSX
Hi I was looking for the recently announced x2go v4.0.3.0 client for OSX at http://code.x2go.org/releases/binary-macosx/x2goclient/releases/ but the latest there is 4.0.2.1 dated 21 Oct 09:29. Does this directory take a while to sync up with releases or am I looking in the wrong place? I notice that the heuler directory has 4.0.3.0 subdirectory with a 4.0.3.0 x2goclient dmg. Thanks Roderick ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
Re: [X2Go-User] x2go 4.0.3.0.client for OSX
On Oct 22, 2014, at 7:48 AM, Roderick Johnstone r...@ast.cam.ac.uk wrote: Hi I was looking for the recently announced x2go v4.0.3.0 client for OSX at http://code.x2go.org/releases/binary-macosx/x2goclient/releases/ but the latest there is 4.0.2.1 dated 21 Oct 09:29. Does this directory take a while to sync up with releases or am I looking in the wrong place? I notice that the heuler directory has 4.0.3.0 subdirectory with a 4.0.3.0 x2goclient dmg. I tried the two versions in the healer directory and they both crash on my 10.10 MBP. :-( Thanks Roderick ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user ___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user
[X2Go-User] client side printing
I am having big trouble administering client side print functionality. I have installed the x2go print package on the server. The user is in the fuse group and there is a spool-dir mounted. In the X2Go Client I configured client side printing. bmayr@127.0.0.1:/home/bmayr/.x2go/S-root-50-1413989095_stDLXDE_dp24/spool on /tmp/.x2go-root/spool/C-root-50-1413989095_stDLXDE_dp24 type fuse.sshfs (rw,nosuid,nodev,default_permissions) When I start a print job, nothing happens. The cups-access log says: localhost - - [22/Oct/2014:17:03:01 +0200] POST /printers/Virtual_X2Go_Printer HTTP/1.1 200 21992 Print-Job successful-ok Any ideas what I can do to enable client side printing? Thankfully Yours, -- ## Preisträger Constantinus-Preis 2012 Nutzen Sie auch unsere Apps für Android: Übersicht über alle deutschen ICD10-Codes: https://play.google.com/store/apps/details?id=net.eaustria.icd10.release Alle Arzneimittel und Medikamenten direkt am Smartphone: https://play.google.com/store/apps/details?id=net.eaustria.eaustria_medication.app ## Dr. Bernhard J. Mayr, MBA Projektkoordinator elexis-austria | Freie Software für freie Berufe Tulpenweg 10 4600 Wels, Austria Tel.: +43(0)660 31 96 763 E-Mail: bernhard.m...@elexis-austria.net www: www.elexis-austria.net www: www.arztsoftware.it fb: www.facebook.com/elexis-austria youtube: www.youtube.com/elexisaustria attachment: bernhard_mayr.vcf___ x2go-user mailing list x2go-user@lists.x2go.org http://lists.x2go.org/listinfo/x2go-user