On 03/31/2011 08:44 PM, Dick Kniep wrote: > > Hi list, > > > > Reading all comments on my stone in the pond I still think it is not > really clear what the problem is (and my proposed solution) > > > I do not want to secure the entire server. I only want a door that can > be locked. So I allow a user to use the terminal. Okay he is allowed > to use the terminal and so he can do anything he likes. No problem. > > > > Or I say on the server the user may only use program XYZ. XYZ starts > and that is all. If XYZ deletes my system that is Okay by me. The user > had access to that program and that is it. > > > > This can be enforced by my simple solution. From the client a command > is sent, say "Start terminal". Then in the wrapper, the user is > matched with the command and if the match exists, the command is > allowed and is executed. If not, the request is rejected. > > > > Maybe this can be achieved also by apparmor, but it looks to me that > apparmor is intended to secure the entire system which is really not > what I want. (Or maybe I am mistaken because of lack of knowledge of > apparmor) > > > > Dick Kniep > > >
It looks like you want an "authorization" solution. And that is what functionality like "sudo" is meant for. You make your users members of a certain group and then give that group rights to only specific executables. If they try to execute anything else, the command will fail. Regards, Gerry _______________________________________________ X2go-dev mailing list X2go-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-dev
