User Tools

Site Tools


x2gobroker:inifilebackend

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Last revision Both sides next revision
x2gobroker:inifilebackend [2013/05/12 22:23]
sunweaver created
x2gobroker:inifilebackend [2013/07/02 00:36]
sunweaver [Special Broker Options]
Line 3: Line 3:
 The default version of the ''/​etc/​x2go/​broker/​x2gobroker-sessionprofiles.conf''​ configuration file can be viewed [[http://​code.x2go.org/​gitweb?​p=x2gobroker.git;​a=blob;​f=etc/​broker/​x2gobroker-sessionprofiles.conf|here]]. The default version of the ''/​etc/​x2go/​broker/​x2gobroker-sessionprofiles.conf''​ configuration file can be viewed [[http://​code.x2go.org/​gitweb?​p=x2gobroker.git;​a=blob;​f=etc/​broker/​x2gobroker-sessionprofiles.conf|here]].
  
-The file format is the INI file format. It falls in to a [DEFAULT] section and one or more session profile sections:+===== Basic Configuration File ===== 
 + 
 +The file format is the INI file format. It falls in to a [DEFAULT] section and one or more session profile sections. A minimal setup could look like this.
  
 <​file>​ <​file>​
Line 22: Line 24:
 height=768 height=768
 </​file>​ </​file>​
 +
 +Note that every X2Go Client parameter not given here gets filled in from a [[http://​code.x2go.org/​gitweb?​p=x2gobroker.git;​a=blob;​f=x2gobroker/​defaults.py|hard-coded default configuration]].
 +
 +===== Filtering through Access Control List =====
 +
 +If a user has been successfully authenticated against the X2Go Session Broker (or a user name has been given via the http request for cases where ''​check-credentials''​ in ''​x2gobroker.conf''​ is set to ''​false''​) you can use the user's UID, GID and the client address from that the user connects to filter out session profiles.
 +
 +<​file>​
 +[DEFAULT]
 +command=XFCE
 +fullscreen=true
 +
 +[staff-server]
 +host=x2go-staff.intern
 +acl-groups-allow=staff,​admins
 +acl-groups-deny=ALL
 +acl-any-order=deny-allow
 +
 +[student-server]
 +host=x2go-student-01.intern
 +acl-groups-allow=students,​admins
 +acl-groups-deny=ALL
 +acl-any-order=deny-allow
 +
 +[admin-server]
 +host=x2go-admin.intern
 +fullscreen=false
 +width=1280
 +height=768
 +acl-groups-allow=admins
 +acl-groups-deny=ALL
 +acl-any-order=deny-allow
 +</​file>​
 +
 +==== List of ACL rules ====
 +
 +The ACL rules work very similar to Apache ACL rules (allow, deny statements in ''​apache2.conf''​).
 +
 +To set the order (deny, allow vs. allow, deny), use this parameter
 +
 +  * ''​acl-any-order = {deny-allow|allow-deny}''​ (apply order to any ACL)
 +  * ''​acl-users-order = {deny-allow|allow-deny}''​ (apply order to user ACLs only)
 +  * ''​acl-groups-order = {deny-allow|allow-deny}''​ (apply order to group ACLs only)
 +  * ''​acl-clients-order = {deny-allow|allow-deny}''​ (apply order to client ACLs only)
 +
 +Furthermore,​ an aid for selecting the correct order (deny-allow vs. allow-deny): ​
 +
 +**User ACLs:**
 +
 +  * ''​acl-users-allow = <​user1>,​ <​user2>,​ ..., <​userN>''​
 +  * ''​acl-users-deny = ALL''​
 +
 +**Group ACLs:**
 +
 +  * ''​acl-groups-allow = <​group1>,​ <​group2>,​ ..., <​groupN>''​
 +  * ''​acl-groups-deny = ALL''​
 +
 +**Client ACLs:**
 +
 +  * ''​acl-clients-allow = <​subnet-or-ip>,​ <​or-dns-hostname>''​
 +  * ''​acl-clients-deny = ALL''​
 +
 +
 +
 +
 +
x2gobroker/inifilebackend.txt · Last modified: 2013/07/02 00:36 by sunweaver