Am 20.04.2012 13:57, schrieb Vasilica Petcu:
Ok... So I see that my questions turned on the heating :)
Popcorn anyone? ;-) Or ice-cream? ;-)
1) It is possible to restrict users/groups access to "published
applications" with Extended Attributes...
But I still have a question about that...
In a clustered environment, the Extended Attributes on all machine
suppose to be the same... right ?
I don't have experience with clusters, but I'd say, if EAs (or more
generally speaking, file ownership/permissions) don't match across
individual cluster members, your cluster is somehow out of sync, which
sounds bad.
2) User access to only "published applications" can be achieved only if
it doesn't exist a Desktop Environment...
To sum it up, you can:
- opt to not install a DE at all
- limit access to it via file system attributes (make e.g. startkde
executable only for owner and a specific group, and only add users that
are supposed to run startkde to this group)
- limit access to it via apparmor/SELinux etc., as suggested by Mike.
-Stefan
_______________________________________________
X2Go-Dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/x2go-dev
