The default version of the /etc/x2go/broker/x2gobroker-sessionprofiles.conf configuration file can be viewed here.
The file uses the INI file format. It is divided into a [DEFAULT] section and one or more session profile sections. A minimal setup could look like this:

[DEFAULT]
command=XFCE
fullscreen=true

[staff-server]
host=x2go-staff.intern

[student-server]
host=x2go-student-01.intern

[admin-server]
host=x2go-admin.intern
fullscreen=false
width=1280
height=768

Note that every X2Go Client parameter not given here gets filled in from a hard-coded default configuration.
If a user has been successfully authenticated against the X2Go Session Broker (or a user name has been given via the HTTP request, for cases where check-credentials in x2gobroker.conf is set to false), you can use the user's UID, GID and the client address from which the user connects to filter out session profiles.

[DEFAULT]
command=XFCE
fullscreen=true

[staff-server]
host=x2go-staff.intern
acl-groups-allow=staff,admins
acl-groups-deny=ALL
acl-any-order=deny-allow

[student-server]
host=x2go-student-01.intern
acl-groups-allow=students,admins
acl-groups-deny=ALL
acl-any-order=deny-allow

[admin-server]
host=x2go-admin.intern
fullscreen=false
width=1280
height=768
acl-groups-allow=admins
acl-groups-deny=ALL
acl-any-order=deny-allow

The ACL rules work very similarly to Apache ACL rules (allow, deny statements in apache2.conf).
To set the order (deny, allow vs. allow, deny), use one of these parameters:
acl-any-order = {deny-allow|allow-deny} (apply order to any ACL)
acl-users-order = {deny-allow|allow-deny} (apply order to user ACLs only)
acl-groups-order = {deny-allow|allow-deny} (apply order to group ACLs only)
acl-clients-order = {deny-allow|allow-deny} (apply order to client ACLs only)
Furthermore, an aid for selecting the correct order (deny-allow vs. allow-deny):
User ACLs:
acl-users-allow = <user1>, <user2>, …, <userN>
acl-users-deny = ALL
Group ACLs:
acl-groups-allow = <group1>, <group2>, …, <groupN>
acl-groups-deny = ALL
Client ACLs:
acl-clients-allow = <subnet-or-ip>, <or-dns-hostname>
acl-clients-deny = ALL
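
The following is an added example, not code from the X2Go project: it evaluates the group ACLs with the Apache Order semantics that the page compares them to, showing why a profile with acl-groups-deny=ALL needs deny-allow and what happens to a profile with no ACL at all. The open-server profile, the allow-deny variant of student-server, the default order, and the precedence of acl-groups-order over acl-any-order are assumptions made for illustration.

```python
import configparser

# Constructed sample based on the page's profiles. student-server is
# deliberately switched to allow-deny and open-server (hypothetical) has no ACL.
SAMPLE = """
[DEFAULT]
command=XFCE

[staff-server]
host=x2go-staff.intern
acl-groups-allow=staff,admins
acl-groups-deny=ALL
acl-any-order=deny-allow

[student-server]
host=x2go-student-01.intern
acl-groups-allow=students,admins
acl-groups-deny=ALL
acl-any-order=allow-deny

[open-server]
host=x2go-open.intern
"""

def _matches(value, groups):
    """True if the comma-separated ACL value names ALL or one of the groups."""
    items = {v.strip() for v in value.split(",") if v.strip()}
    return "ALL" in items or bool(items & set(groups))

def group_acl_permits(profile, groups):
    """Apache-style Order evaluation (assumed model, not the broker's own code)."""
    allow = _matches(profile.get("acl-groups-allow", ""), groups)
    deny = _matches(profile.get("acl-groups-deny", ""), groups)
    # Assumption: the specific order key wins over acl-any-order; default as in Apache.
    order = profile.get("acl-groups-order") or profile.get("acl-any-order", "deny-allow")
    if order == "deny-allow":   # deny checked first, allow overrides, default permit
        return allow or not deny
    if order == "allow-deny":   # allow checked first, deny overrides, default refuse
        return allow and not deny
    raise ValueError(f"unknown ACL order: {order!r}")

def visible_profiles(text, groups):
    """Names of the session profiles a member of `groups` would be offered."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    return [name for name in cfg.sections() if group_acl_permits(cfg[name], groups)]
```

Under this model, deny=ALL combined with allow-deny hides student-server from everyone, including the listed groups, while the profile without any ACL is offered to every user.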