Re: [X2Go-User] X2GO client admin lock

[Urbanovits György]

Thanks a lot Stefan that is good way for first step

All my best
George

2024. 04. 29, hétfő keltezéssel 12.40-kor Stefan Baur ezt írta:
Am 01.03.24 um 14:45 schrieb Urbanovits György:
Hello,

My idea to use X2GO in corp environment on linux & windoze, and I have complain 
about possible miss-configuration or "accidental settings" of client setting by 
users. There is any existing solution to lock client settings (all settings) by 
users?
For example make connection, configuration setting to set ready 
only/dimmed-grayed out exempt someone who have admin rights?

any advise, suggestion welcome

To avoid accidental changes, you can use --no-menu and
--no-session-edit, as explained in "man x2goclient", and store the
sessions file on a read-only network share.
--session-conf=/path/to/sessions-file is the parameter for that, also
explained in the manpage.

Or you can use a session broker setup.

However, there is no way of stopping a user that deliberately wants to
mess with the configuration.
They will always find a way to run x2goclient without any
parameters/with their custom parameters, bypassing your restrictions.

I guess the only way around it might (i.e., still no guarantee) be the
HTML5Client in a rather elaborate setup, where users do not have direct
access to the X2GoServer via IP, only to the HTML5Client. But, the
HTML5Client is neither release-ready nor feature-complete yet ...

Kind Regards,
Stefan Baur

--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] X2GO client admin lock

[Stefan Baur]

Am 29.04.24 um 08:02 schrieb Ulrich Sibiller:

I think something like that is possible using the x2go broker.


No. Not in the sense that it can be locked down completely against a
"hostile" user. There are ways to provide sane defaults, though.
(See my reply to the original post for a lengthy answer.)

Kind Regards,
Stefan Baur

--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] X2GO client admin lock

[Stefan Baur]

Am 01.03.24 um 14:45 schrieb Urbanovits György:

Hello,

My idea to use X2GO in corp environment on linux & windoze, and I have complain about 
possible miss-configuration or "accidental settings" of client setting by users. 
There is any existing solution to lock client settings (all settings) by users?
For example make connection, configuration setting to set ready 
only/dimmed-grayed out exempt someone who have admin rights?

any advise, suggestion welcome


To avoid accidental changes, you can use --no-menu and
--no-session-edit, as explained in "man x2goclient", and store the
sessions file on a read-only network share.
--session-conf=/path/to/sessions-file is the parameter for that, also
explained in the manpage.

Or you can use a session broker setup.

However, there is no way of stopping a user that deliberately wants to
mess with the configuration.
They will always find a way to run x2goclient without any
parameters/with their custom parameters, bypassing your restrictions.

I guess the only way around it might (i.e., still no guarantee) be the
HTML5Client in a rather elaborate setup, where users do not have direct
access to the X2GoServer via IP, only to the HTML5Client. But, the
HTML5Client is neither release-ready nor feature-complete yet ...

Kind Regards,
Stefan Baur

--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

Re: [X2Go-User] X2GO client admin lock

[Ulrich Sibiller]

I think something like that is possible using the x2go broker.

Uli

Urbanovits György  schrieb am Fr., 1. März
2024, 14:45:

> Hello,
>
> My idea to use X2GO in corp environment on linux & windoze, and I have
> complain about possible miss-configuration or "accidental settings" of
> client setting by users. There is any existing solution to lock client
> settings (all settings) by users?
> For example make connection, configuration setting to set ready
> only/dimmed-grayed out exempt someone who have admin rights?
>
> any advise, suggestion welcome
>
> thanks
> George Urbanovits
> ___
> x2go-user mailing list
> x2go-user@lists.x2go.org
> https://lists.x2go.org/listinfo/x2go-user
>
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user

[X2Go-User] X2GO client admin lock

[Urbanovits György]

Hello,

My idea to use X2GO in corp environment on linux & windoze, and I have complain 
about possible miss-configuration or "accidental settings" of client setting by 
users. There is any existing solution to lock client settings (all settings) by 
users?
For example make connection, configuration setting to set ready 
only/dimmed-grayed out exempt someone who have admin rights?

any advise, suggestion welcome

thanks
George Urbanovits
___
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user