User Tools

Site Tools


x2gobroker:inifilebackend

This is an old revision of the document!


X2Go Session Broker Config File: x2gobroker-sessionprofiles.conf

The default version of the /etc/x2go/broker/x2gobroker-sessionprofiles.conf configuration file can be viewed here.

Basic Configuration File

The file format is the INI file format. It falls in to a [DEFAULT] section and one or more session profile sections. A minimal setup could look like this.

[DEFAULT]
command=XFCE
fullscreen=true

[staff-server]
host=x2go-staff.intern

[student-server]
host=x2go-student-01.intern

[admin-server]
host=x2go-admin.intern
fullscreen=false
width=1280
height=768

Note that every X2Go Client parameter not given here gets filled in from a hard-coded default configuration.

Filtering through Access Control List

If a user has been successfully authenticated against the X2Go Session Broker (or a user name has been given via the http request for cases where check-credentials in x2gobroker.conf is set to false) you can use the user's UID, GID and the client address from that the user connects to filter out session profiles.

[DEFAULT]
command=XFCE
fullscreen=true

[staff-server]
host=x2go-staff.intern
acl-groups-allow=staff,admins
acl-groups-deny=ALL
acl-any-order=deny-allow

[student-server]
host=x2go-student-01.intern
acl-groups-allow=students,admins
acl-groups-deny=ALL
acl-any-order=deny-allow

[admin-server]
host=x2go-admin.intern
fullscreen=false
width=1280
height=768
acl-groups-allow=admins
acl-groups-deny=ALL
acl-any-order=deny-allow

List of ACL rules

The ACL rules work very similar to Apache ACL rules (allow, deny statements in apache2.conf).

To set the order (deny, allow vs. allow, deny), use this parameter

  • acl-any-order = {deny-allow|allow-deny} (apply order to any ACL)
  • acl-users-order = {deny-allow|allow-deny} (apply order to user ACLs only)
  • acl-groups-order = {deny-allow|allow-deny} (apply order to group ACLs only)
  • acl-clients-order = {deny-allow|allow-deny} (apply order to client ACLs only)

Furthermore, an aid for selecting the correct order (deny-allow vs. allow-deny):

User ACLs:

  • acl-users-allow = <user1>, <user2>, …, <userN>
  • acl-users-deny = ALL

Group ACLs:

  • acl-groups-allow = <group1>, <group2>, …, <groupN>
  • acl-groups-deny = ALL

Client ACLs:

  • acl-clients-allow = <subnet-or-ip>, <or-dns-hostname> * acl-clients-deny = ALL''
x2gobroker/inifilebackend.1368398851.txt.gz · Last modified: 2013/05/12 22:47 by sunweaver