[winswitch] Hi List, Quick Xpra question

Sun Dec 22 18:10:52 GMT 2019

I had considered tying it to user ID and that's a good idea. While changing
the remote xpra command is certainly an option I could write into the
frontend, I want this to be a bit more secure and not rely on the frontend
to do the right thing, is there a easy way to specify a new command server
side and system wide?or user group wide?

Sorry for the double email Antoine

On Fri, Dec 20, 2019, 6:59 AM Antoine Martin via shifter-users <
shifter-users at lists.devloop.org.uk> wrote:

> On 19/12/2019 16:19, Celeste Weingartner via shifter-users wrote:
> > im writing a frontend for Xpra that will use ssh to connect. I would like
> > to make a ultra persistant chrome session be remotely served..
> Running browsers through xpra seems to be a popular use case.
> Are you using xpra's builtin ssh server or are you allowing those users
> shell access on your server? (and restricting what commands they are
> allowed to run?)
>
> > Ive got
> > firejail working for chrome, and i can manually connect with xpra start
> > someuser at apphost.com --start-child='google-chrome' and that works.. and
> i
> > can reattach to it no problem but if i reisssue another start, it starts
> > another x session, which i do not want.. I want it limited to one per
> user.
> An easy way to achieve that would be to derive the X11 display for each
> user from their user id. That way a user would only ever be able to
> start a single session.
> FYI: most browsers, including chrome, are limited to a single instance
> per user account.
>
> To make things easier to manage, we could add a new subcommand:
> "xpra attach-or-start"
> Or maybe a new flag:
> "xpra attach --create=yes"
> Or even:
> "xpra start --reuse-session=yes"
> Ideas and suggestions welcome.
>
> When connecting over ssh, the xpra client will run "xpra _proxy",
> potentially with extra arguments, and this is what connects the xpra
> server to the ssh channel.
> The remote xpra command can be changed using the "--remote-xpra="
> command line option.
> This would be a decent place to override the default behaviour and start
> a new server instance if one is not found, before trying to connect to it.
>
> Cheers,
> Antoine
>
>
>
>
> > max.
> >
> >
> > On Mon, Dec 16, 2019 at 6:06 AM Antoine Martin via shifter-users <
> > shifter-users at lists.devloop.org.uk> wrote:
> >
> >> On 16/12/2019 07:59, Celeste Weingartner via shifter-users wrote:
> >>> Hi Everyone, im not sure if the devel list would be the place for this
> or
> >>> not.. So i'll ask.
> >>>
> >>> Im trying to use Xpra to create an application server. For a specific
> >>> application. I do not want users to be able to spawn more than 1 xpra
> >>> server process. I want them to be limited to 1. Short of disabling
> server
> >>> commands, and using firejail which im already doing, how can I further
> >>> limit it to one server per user?  Im willing to be there's some sort of
> >>> bash magic that can be done in the xpra startup, but im unsure where to
> >>> even begin there, im not a python coder... Bash I can do..  But can
> >> anyone
> >>> provide some pointers or tips?
> >> How are you going to start the sessions? Is it going to be on demand for
> >> each user?
> >> How are they connecting to the server? ssh?
> >> Are you going to give them a command line to run or an xpra URI they
> >> just click on?
> >>
> >> This is not the first time something like this has been requested, so
> >> maybe we can make it easier to setup.
> >>
> >> Cheers,
> >> Antoine
> >>
> >>>
> >>> Thanks in advance,
> >>>
> >>> Celeste
> >>> _______________________________________________
> >>> shifter-users mailing list
> >>> shifter-users at lists.devloop.org.uk
> >>> https://lists.devloop.org.uk/mailman/listinfo/shifter-users
> >>>
> >>
> >> _______________________________________________
> >> shifter-users mailing list
> >> shifter-users at lists.devloop.org.uk
> >> https://lists.devloop.org.uk/mailman/listinfo/shifter-users
> >>
> > _______________________________________________
> > shifter-users mailing list
> > shifter-users at lists.devloop.org.uk
> > https://lists.devloop.org.uk/mailman/listinfo/shifter-users
> >
>
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> https://lists.devloop.org.uk/mailman/listinfo/shifter-users
>