Hello Am Dienstag 14 Mai 2013, 15:31:43 schrieb Nicolas DEFFAYET: > I have installed your package > http://appcenter.software-univention.de/univention-repository/3.1/maintained/component/xrdp/source/xrdp_0.7.0~20130117git-0.4.30.201301301232.dsc > after rebuild it without any change on a Debian Wheezy x64.
It has a companion package called univention-xrdp ... > xrdp run as user xrdp (default settings in /etc/init.d/xrdp) > xrdp 2362 1 0 13:02 ? 00:00:00 /usr/sbin/xrdp > root 2610 1 0 13:02 ? 00:00:00 /usr/sbin/xrdp-sesman ... > connection denied ... > If i start xrdp as root it work fine ... > On > http://www.mail-archive.com/xrdp-devel@lists.sourceforge.net/msg01199.html, > you wrote: > > "Because X11rdp is foked from xrdp-sesman, which runs your session as > your regular user. Thus the socket /tmp/.xrdp/... is created as $USER: > $GROUP with permissions 0700. > With Debian xrdp runds as xrdp:xrdp, which is not enough to connect to > that socket. > Running xrdp by-passes that permission check, but then you're running > the daemon as root with all the bad security implications. ... > I'm loss, it's not possible to run xrdp as user ? Yes (if you want to use X11rdp) > So why /etc/init.d/xrdp start xrdp as user ? Because I took the original Debian packacking, replaced xrdp with the version from GIT and than enabled X11rdp. Since Debian never built X11rdp, they never experienced the permission problem and took the right approach to not run an network facing daemon with root permissions. In our UCS package we took the easy root and run xrdp as root, but I'd advise you not make that network port publically available. > Did you have tried to have beautiful login screen something like Suse do > for xrdp login: That's part of our univention-xrdp package, which also contains the integration into our management system. Sincerely Philipp -- Philipp Hahn Open Source Software Engineer h...@univention.de Univention GmbH be open. fon: +49 421 22 232- 0 Mary-Somerville-Str.1 D-28359 Bremen fax: +49 421 22 232-99 http://www.univention.de/ ------------------------------------------------------------------------------ AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d _______________________________________________ xrdp-devel mailing list xrdp-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xrdp-devel
