User Tools

Site Tools


x2gobroker:inifilebackend

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
x2gobroker:inifilebackend [2013/05/12 22:26]
sunweaver
x2gobroker:inifilebackend [2013/07/02 00:36]
sunweaver [Special Broker Options]
Line 2: Line 2:
  
 The default version of the ''/​etc/​x2go/​broker/​x2gobroker-sessionprofiles.conf''​ configuration file can be viewed [[http://​code.x2go.org/​gitweb?​p=x2gobroker.git;​a=blob;​f=etc/​broker/​x2gobroker-sessionprofiles.conf|here]]. The default version of the ''/​etc/​x2go/​broker/​x2gobroker-sessionprofiles.conf''​ configuration file can be viewed [[http://​code.x2go.org/​gitweb?​p=x2gobroker.git;​a=blob;​f=etc/​broker/​x2gobroker-sessionprofiles.conf|here]].
 +
 +===== Basic Configuration File =====
  
 The file format is the INI file format. It falls in to a [DEFAULT] section and one or more session profile sections. A minimal setup could look like this. The file format is the INI file format. It falls in to a [DEFAULT] section and one or more session profile sections. A minimal setup could look like this.
Line 24: Line 26:
  
 Note that every X2Go Client parameter not given here gets filled in from a [[http://​code.x2go.org/​gitweb?​p=x2gobroker.git;​a=blob;​f=x2gobroker/​defaults.py|hard-coded default configuration]]. Note that every X2Go Client parameter not given here gets filled in from a [[http://​code.x2go.org/​gitweb?​p=x2gobroker.git;​a=blob;​f=x2gobroker/​defaults.py|hard-coded default configuration]].
 +
 +===== Filtering through Access Control List =====
 +
 +If a user has been successfully authenticated against the X2Go Session Broker (or a user name has been given via the http request for cases where ''​check-credentials''​ in ''​x2gobroker.conf''​ is set to ''​false''​) you can use the user's UID, GID and the client address from that the user connects to filter out session profiles.
 +
 +<​file>​
 +[DEFAULT]
 +command=XFCE
 +fullscreen=true
 +
 +[staff-server]
 +host=x2go-staff.intern
 +acl-groups-allow=staff,​admins
 +acl-groups-deny=ALL
 +acl-any-order=deny-allow
 +
 +[student-server]
 +host=x2go-student-01.intern
 +acl-groups-allow=students,​admins
 +acl-groups-deny=ALL
 +acl-any-order=deny-allow
 +
 +[admin-server]
 +host=x2go-admin.intern
 +fullscreen=false
 +width=1280
 +height=768
 +acl-groups-allow=admins
 +acl-groups-deny=ALL
 +acl-any-order=deny-allow
 +</​file>​
 +
 +==== List of ACL rules ====
 +
 +The ACL rules work very similar to Apache ACL rules (allow, deny statements in ''​apache2.conf''​).
 +
 +To set the order (deny, allow vs. allow, deny), use this parameter
 +
 +  * ''​acl-any-order = {deny-allow|allow-deny}''​ (apply order to any ACL)
 +  * ''​acl-users-order = {deny-allow|allow-deny}''​ (apply order to user ACLs only)
 +  * ''​acl-groups-order = {deny-allow|allow-deny}''​ (apply order to group ACLs only)
 +  * ''​acl-clients-order = {deny-allow|allow-deny}''​ (apply order to client ACLs only)
 +
 +Furthermore,​ an aid for selecting the correct order (deny-allow vs. allow-deny): ​
 +
 +**User ACLs:**
 +
 +  * ''​acl-users-allow = <​user1>,​ <​user2>,​ ..., <​userN>''​
 +  * ''​acl-users-deny = ALL''​
 +
 +**Group ACLs:**
 +
 +  * ''​acl-groups-allow = <​group1>,​ <​group2>,​ ..., <​groupN>''​
 +  * ''​acl-groups-deny = ALL''​
 +
 +**Client ACLs:**
 +
 +  * ''​acl-clients-allow = <​subnet-or-ip>,​ <​or-dns-hostname>''​
 +  * ''​acl-clients-deny = ALL''​
 +
 +
 +
 +
 +
x2gobroker/inifilebackend.txt ยท Last modified: 2013/07/02 00:36 by sunweaver