Hello Rob, list In multi-user environment session informations of all users are stored in one data base table. If we granting access to this table for all users, each user will be able to view or change data of other users, that's unacceptable. Using sudo we can give access for user only to his own data. It's simplest way we have found to protect data of other users. In postgresql we could use views, but not all DBMS have such mechanisms. We cannot although create single table for every user, because all users should know which DISPLAYs/ports are currently in use by other users.
Rob you are right. The user which execute sql queries not necessarily should be root. As you can see, in x2gopgwrapper.local all queries are executed with user postgres. We could make same changes in x2gopgwrapper_local and x2gopgwrapper_net, but wee need to add a new user into a system (as user "x2go" in your example). Unfortunately since x2goserver version 3_0.1-9 (http://x2go.obviously-nice.de/deb/pool-heuler/x2goserver/) there is one more reason to run x2gopgwrapper as root. Running with argument "startshadowagent" x2gopgwrapper should start x2gostartagent as user which desktop will be displayed. I don't see the simple way to do this without root privileges. Rob Lemley schrieb: > Hey John, > > I double-triple checked again, and tried a session myself that mounted > my desktop with my changes. No issues. > > The only script that gets called with sudo is x2gopgwrapper. It's the > only script that can get called as it's the only entry added to the > sudoers file. > > x2gopgwrapper calls one of x2pgwrapper_local, x2pgwrapper_sqlite, or > x2pgwrapper_net. That's all it does. Those scripts are a giant case > blocks that only runs sql queries against a database. In the case of > sqlite you need to assume the id of the sqlite database file owner. (I > thought about making the file group-writable, but chose not to go that > direction. With the sudoers entry and the script there's some level of > protection from average-joe user mangling the database.) As for > postgres, it's the same idea. It can authenticate by userid with the > right entry in pg_hba.conf (?? right filename??) > > The mounting and unmounting seems to be done through fuse so the only > privilege needed is to be a member of the fuse group. The > x2gocleansessions process started by init will unmount a fuse mounted > directory if it finds a stale session, but that is running as root so > there's no issue there. > > Enjoy the rest of your getaway! > > -rob > > > <snip> > On Sat, Oct 2, 2010 at 9:56 AM, John A. Sullivan III > <jsulli...@opensourcedevel.com> wrote: >> <snip> >> Hi, Rob. I'm on a getaway with the family and "sneaking" this in so I >> may be remembering the details incorrectly :) >> >> You may want to trace all the other scripts which are invoked as part of >> the process, especially x2gomount_sessions and x2goumount_sessions. >> These may need root access - I'm not sure - John >> > > Hey John, > _______________________________________________ > X2go-dev mailing list > X2go-dev@lists.berlios.de > https://lists.berlios.de/mailman/listinfo/x2go-dev -- Oleksandr Shneyder Dipl. Informatik X2go Core Developer Team email: oleksandr.shney...@obviously-nice.de web: www.obviously-nice.de --> X2go - everywh...@home
signature.asc
Description: OpenPGP digital signature
_______________________________________________ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
