On 2012-04-20 10:52, Denis Cardon wrote: > one thing I am missing from nx is in fact the nxacl file. It allowed > me to setup access rights depending no the source ip and login of > users and time of the day. For example I have one group of user that > can login from the internal network only, while another group of road > warriors that can log both from local or remote location. It is very > cumbersome to do at the ssh level, and the nxacl file was very handy > to do this. Perhaps there is a way to reproduce this behavior in x2go, > and sorry if I missed it. > > On the file ACL point of view, I thing the > apparmor/selinux/nameyourown framework way to be much more clean. I > don't like much the idea to change ACL on programs because of > maintainability, for example on software upgrade and all (and IMHO > security needs maintainability), and I think a broader framework to be > more suitable (no opinion on which one). >
Again, due to the way x2go works it is not possible to enforce this. x2go is just a very efficient way of "ssh -X". If it wasn't for maintainability, we could even get rid of the sqlite database and start the x2go manually. Morty -- Dipl.-Ing. Moritz 'Morty' Struebe (Wissenschaftlicher Mitarbeiter) Lehrstuhl für Informatik 4 (Verteilte Systeme und Betriebssysteme) Friedrich-Alexander-Universität Erlangen-Nürnberg Martensstr. 1 91058 Erlangen Tel : +49 9131 85-25419 Fax : +49 9131 85-28732 eMail : [email protected] WWW : http://www4.informatik.uni-erlangen.de/~morty
smime.p7s
Description: S/MIME Kryptografische Unterschrift
_______________________________________________ X2Go-Dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/x2go-dev
