On 11-02-18 22:24, John A. Sullivan III <[email protected]> wrote: > On Fri, 2011-02-18 at 21:02 +0100, Alexander Wuerstlein wrote: > > On 11-02-18 20:34, Gerry Reno <[email protected]> wrote: > > > On 02/18/2011 02:14 PM, Alexander Wuerstlein wrote: > > > > On 11-02-18 19:59, Gerry Reno <[email protected]> wrote: > > > > > > > >> On 02/18/2011 01:18 PM, Reinhard Tartler wrote: > > > >> > > > >>> On Fri, Feb 18, 2011 at 18:52:28 (CET), John A. Sullivan III wrote: > Hey - that wasn't me - that was Gerry :)
Oh, I'm sorry, that was an accident when deleting stuff... > > > >> Are you implying that every user on any x2go server would be able to > > > >> launch a remote x2go desktop by default? > > > >> > > > > Yes. > > > > > > > > > > That would be a security hole. > > > > In what sense? That would only be a security hole if x2go were less > > secure than simple ssh logins. If that is the case, those security > > problems should of course be fixed. But I don't see the risk in allowing > > x2go usage to users who can use ssh anyways. > > I'm thinking we should err on the side of security and make it secure by > default with the option to loosen. That said, is there a way to achieve > all goals? We do need to stop the sudo log spam. We do need to prevent > misfired installations that required great expertise to sort out. What > if, instead of using sudo, we did lock down the x2go scripts by default > with restricted ownership as suggested to those who responded to this > thread concerned about security. That leaves us with maintaining local > groups but that is not the end of the world. It eliminates the sudo > problem and makes us secure by default rather than exception. Sounds like a good idea. Ciao, Alexander Wuerstlein. _______________________________________________ X2go-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/x2go-dev
