[FreeNX-kNX] Running a particular application in freenx server

Peter McGregor freenx at pdadevelopments.co.nz
Wed Oct 28 07:01:13 UTC 2009 

Hello

I would like to force a user to run an application in freenx.  I have 
set this up in the client ok, but I would like to enforce it in the server

I have been looking at modifying nxacl, but it does not seem to be 
called from my nxserver.

I have copied the nxacl sample file to /etc/nxserver

I would appreciate if someone could tell me how to run nxacl, or 
alternatively, how I could modify node.conf

thank you

Peter McGregor


I am running centos 5.3, with  freenx and nx installed using yum, with  
the epel repository.


ie

-bash-3.2# ls -l /etc/nxserver
total 72
-rw------- 1 nx   root   668 Oct 23 16:12 client.id_dsa.key
-rwxr-xr-x 1 nx   root 22426 Oct 28 19:00 node.conf
-rwxr-xr-x 1 nx   root 22348 Aug 31 14:02 node.conf.sample
-rwxr-xr-x 1 nx   root  1123 Oct 28 18:46 nxacl
-rwxr-xr-x 1 root root  1106 Oct 28 17:46 nxacl.sample
-rw------- 1 nx   root     0 Oct 23 16:12 passwords
-rw------- 1 nx   root     0 Oct 23 16:12 passwords.orig
-rw------- 1 nx   root   602 Oct 23 16:12 server.id_dsa.pub.key
-rw------- 1 nx   root   668 Oct 23 16:12 users.id_dsa
-rw-r--r-- 1 nx   root   602 Oct 23 16:12 users.id_dsa.pub
-bash-3.2# cat nxacl
#!/bin/bash

# Syntax: getparam <param>
getparam()
{
   stringinstring "&$1=" "$CMDLINE" || return 1
   echo "$CMDLINE" |  tr "&" "\n" | egrep "^"$1"=" | awk -F= '{ VAL=$2 } 
END { print VAL }'
   return 0
}

# Syntax: changeparam <param> <value>
#       Don't use & in value its the separator.

changeparam()
{
   CMDLINE=$(echo "$CMDLINE" | tr "&" "\n" | sed "s&^$1=.*&$1=$2&g" | tr 
"\n" "&")
}

CMDLINE="$1"

# Example 0: All allowed

allow_all()
{
   # Parameters unchanged
   echo "$CMDLINE"
   echo "it works"

   # Session allowed
   exit 0
}

# Example 1: Allow only unix-kde sessions, deny others

allow_unix_kde()
{
   type=$(getparam type)
   if [ "$type" != "unix-kde" ]
   then
       echo "Only sessions with type unix-kde are allowed."
       exit 1
   fi

   allow_all
}

# Example 3: Allow only unix-kde sessions, change type always to 
unix-kde and virtualdesktop=1, rootless=0

allow_unix_kde_2()
{
   changeparam type unix-kde
   changeparam virtualdesktop 1
   changeparam rootless 0

   allow_all
}

#
# You can make as complex samples as you want, if you have one, I would 
be very interested!
# Fabian
#
# Send it to: FreeNX-kNX at kde.org.
#

allow_all


My log file(I changed log level in node.conf to 5(info)) is

- NX SERVER START: -c /usr/bin/nxserver - ORIG_COMMAND=
-- NX SERVER START:  - ORIG_COMMAND=
Info: Using fds #4 and #3 for communication with nxnode.
HELLO NXSERVER - Version 3.2.0-73 OS (GPL, using backend: not detected)
NX> 105 hello NXCLIENT - Version 3.2.0
NX> 134 Accepted protocol: 3.2.0
NX> 105 SET SHELL_MODE SHELL
NX> 105 SET AUTH_MODE PASSWORD
NX> 105 login
NX> 101 User: peter
NX> 102 Password:
NX> 103 Welcome to: vessel2 user: peter
NX> 105 listsession --user="peter" --status="suspended,running" 
--geometry="1920x1080x32+render" --type="unix-application"
NX> 127 Sessions list of user 'peter' for reconnect:

Display Type             Session ID                       Options  Depth 
Screen         Status      Session Name
------- ---------------- -------------------------------- -------- ----- 
-------------- ----------- ------------------------------


NX> 148 Server capacity: not reached for user: peter
NX> 105 startsession  --rootless="1" --virtualdesktop="0" 
--application="/usr/bin/firefox" --link="adsl" --backingstore="1" 
--encryption="1" --cache="16M" --images="64M" --shmem="1" --shpix="1" 
--strict="0" --composite="1" --samba="1" --cups="1" --media="0" 
--session="vessel2" --type="unix-application" --client="macosx" 
--keyboard="query" --screeninfo="1877x1036x32+render"

NX> 1000 NXNODE - Version 3.2.0-73 OS (GPL, using backend: not detected)
NX> 700 Session id: vessel2-1000-E3E827CE5D9F80B95BD26D87A0F7CED7
NX> 705 Session display: 1000
NX> 703 Session type: unix-application
NX> 701 Proxy cookie: 166dbbddd8ca8038d71412542b1cf84b
NX> 702 Proxy IP: 127.0.0.1
NX> 706 Agent cookie: 166dbbddd8ca8038d71412542b1cf84b
NX> 704 Session cache: unix-application
NX> 707 SSL tunneling: 1
NX> 709 File-sharing port: 445
NX> 1009 Session status: starting
NX> 710 Session status: running
NX> 1002 Commit
NX> 1006 Session status: running
NX> 105 addprinter  --type="ipp" --username="mac" --port="3000" 
--session_id="E3E827CE5D9F80B95BD26D87A0F7CED7" 
--printer="HP_deskjet_9300" password="******" --model="NULL" 
--defaultPrinter="1" --public="1"
NX> 719 CUPS printer: running
NX> 105 bye
Bye
NX> 999 Bye
NX-12835->--addprinter> 1000 NXNODE - Version 3.2.0-73 OS (GPL, using 
backend: not detected)
NX-12835->--addprinter> 1001 Bye.
NX> 1009 Session status: terminating
Info: Closing connection to slave with pid 12541.
12835->--addprinter 1001 Bye.
NX> 1006 Session status: closed
NX> 1001 Bye.
Info: Closing connection to slave with pid 12541.

More information about the FreeNX-kNX mailing list