I had considered tying it to user ID and that's a good idea. While changing the remote xpra command is certainly an option I could write into the frontend, I want this to be a bit more secure and not rely on the frontend to do the right thing, is there a easy way to specify a new command server side and system wide?or user group wide?
Sorry for the double email Antoine On Fri, Dec 20, 2019, 6:59 AM Antoine Martin via shifter-users < shifter-users@lists.devloop.org.uk> wrote: > On 19/12/2019 16:19, Celeste Weingartner via shifter-users wrote: > > im writing a frontend for Xpra that will use ssh to connect. I would like > > to make a ultra persistant chrome session be remotely served.. > Running browsers through xpra seems to be a popular use case. > Are you using xpra's builtin ssh server or are you allowing those users > shell access on your server? (and restricting what commands they are > allowed to run?) > > > Ive got > > firejail working for chrome, and i can manually connect with xpra start > > someu...@apphost.com --start-child='google-chrome' and that works.. and > i > > can reattach to it no problem but if i reisssue another start, it starts > > another x session, which i do not want.. I want it limited to one per > user. > An easy way to achieve that would be to derive the X11 display for each > user from their user id. That way a user would only ever be able to > start a single session. > FYI: most browsers, including chrome, are limited to a single instance > per user account. > > To make things easier to manage, we could add a new subcommand: > "xpra attach-or-start" > Or maybe a new flag: > "xpra attach --create=yes" > Or even: > "xpra start --reuse-session=yes" > Ideas and suggestions welcome. > > When connecting over ssh, the xpra client will run "xpra _proxy", > potentially with extra arguments, and this is what connects the xpra > server to the ssh channel. > The remote xpra command can be changed using the "--remote-xpra=" > command line option. > This would be a decent place to override the default behaviour and start > a new server instance if one is not found, before trying to connect to it. > > Cheers, > Antoine > > > > > > max. > > > > > > On Mon, Dec 16, 2019 at 6:06 AM Antoine Martin via shifter-users < > > shifter-users@lists.devloop.org.uk> wrote: > > > >> On 16/12/2019 07:59, Celeste Weingartner via shifter-users wrote: > >>> Hi Everyone, im not sure if the devel list would be the place for this > or > >>> not.. So i'll ask. > >>> > >>> Im trying to use Xpra to create an application server. For a specific > >>> application. I do not want users to be able to spawn more than 1 xpra > >>> server process. I want them to be limited to 1. Short of disabling > server > >>> commands, and using firejail which im already doing, how can I further > >>> limit it to one server per user? Im willing to be there's some sort of > >>> bash magic that can be done in the xpra startup, but im unsure where to > >>> even begin there, im not a python coder... Bash I can do.. But can > >> anyone > >>> provide some pointers or tips? > >> How are you going to start the sessions? Is it going to be on demand for > >> each user? > >> How are they connecting to the server? ssh? > >> Are you going to give them a command line to run or an xpra URI they > >> just click on? > >> > >> This is not the first time something like this has been requested, so > >> maybe we can make it easier to setup. > >> > >> Cheers, > >> Antoine > >> > >>> > >>> Thanks in advance, > >>> > >>> Celeste > >>> _______________________________________________ > >>> shifter-users mailing list > >>> shifter-users@lists.devloop.org.uk > >>> https://lists.devloop.org.uk/mailman/listinfo/shifter-users > >>> > >> > >> _______________________________________________ > >> shifter-users mailing list > >> shifter-users@lists.devloop.org.uk > >> https://lists.devloop.org.uk/mailman/listinfo/shifter-users > >> > > _______________________________________________ > > shifter-users mailing list > > shifter-users@lists.devloop.org.uk > > https://lists.devloop.org.uk/mailman/listinfo/shifter-users > > > > _______________________________________________ > shifter-users mailing list > shifter-users@lists.devloop.org.uk > https://lists.devloop.org.uk/mailman/listinfo/shifter-users > _______________________________________________ shifter-users mailing list shifter-users@lists.devloop.org.uk https://lists.devloop.org.uk/mailman/listinfo/shifter-users
