Provided by: x2gobroker_0.0.4.3-2_all bug


       x2gobroker{,-daemon,-ssh} - Session Broker for X2Go


       x2gobroker [ options ]

       x2gobroker-daemon [ options ]

       x2gobroker-ssh [ options ]


       x2gobroker  (resp. x2gobroker-daemon) is a Python Tornado based implementation of the X2Go
       Session Broker API. x2gobroker-ssh is the same application but designed for usage via  SSH
       (as a command line tool).

       The  HTTP(S)  implementation  of x2gobroker is normally executed either through the host's
       init system or via the WSGI module  in  your  httpd  server.  The  SSH  implementation  is
       executed by X2Go clients through SSH.

       See the included README and TODO for further information on x2gobroker.


       x2gobroker{,-daemon,-ssh} accepts the following common options:

       -M, --mode {HTTP|SSH}
              Set  X2Go Session Broker into HTTP or SSH mode. If this option is omitted, then SSH
              is the default mode.  If x2gobroker-daemon is used as  executable  name,  then  the
              default mode is HTTP(S).

       -C, --config FILENAME
              Specify     an     alternative     configuration    file    name,    default    is:

       -d, --debug
              Enable debugging code. This also makes http's POST method available as GET  method,
              which then allows it to test the broker API through a normal web browser.

       -h, --help
              Display a help with all available command line options and exit.


       x2gobroker-ssh,  i.e.,  when  run from the command line or via SSH, accepts/requires these
       additional options:

       --task {listsessions, selectsession, setpass, testcon}
              Specify the either of the known broker tasks (listsessions, selectsession, setpass,
              testcon).  This  parameter  is compulsory, the command execution will fail if it is

       --user USERNAME
              If x2gobroker is run by the `magic' user (the x2gobroker account by default),  then
              the  x2gobroker  is  allowed to change its user context and do queries on behalf of
              the user specified with this parameter.

       --auth-cookie, --auth-id AUTHENTICATION_COOKIE
              It is possible to enforce a stronger authentication via  an  additional  pre-shared
              authentication  cookie.  This authentication cookie must be stored in a client-side
              file so that X2Go Client can access it and then pass it  on  to  the  X2Go  Session
              Broker   (via   the   X2Go   Client   option   --auth-id=<fullpath-to-file>)  while
              authenticating against the broker.

              The server-side cookie hash can be set in  /etc/x2go/x2gobroker.conf  (option:  my-
              cookie).  You  have  to  set  the  option require-cookie-auth to true to enable the
              additional cookie comparison in the X2Go Session Broker.

       --profile-id, --sid SESSION_PROFILE_ID
              For the selectsession task the session profile ID has to be given as an  additional

       --backend BACKEND_NAME
              Query another than the default broker backend.


       x2gobroker-daemon in standalone HTTP(S) daemon mode accepts these additional options:

       -b, --bind ADDRESS:PORT
              The   [address:]port   that   the   Tornado  http-engine  will  bind  to  (default:

       -D, --daemonize
              Fork this application to background and detach from the running terminal.

       -P, --pidfile
              Custom PID file location when daemonizing (default: <RUNDIR>/x2gobroker/x2gobroker-

       -L, --logdir
              Directory  where stdout/stderr will be redirected after having daemonized (default:

       -D, --drop-privileges
              If  started  as  root,  drop   privileges   to   uid   X2GO_DAEMON_USER   and   gid
              X2GO_DAEMON_GROUP  (as  configured  in  /etc/x2go/broker/defaults.conf  on  systemd
              systems or /etc/defaults/python-x2gobroker on SystemV systems).


       Users are advised to not misinterpret X2Go Session Broker's  capabilities  as  a  security
       feature.  Even  when  using X2Go Session Broker, it is still possible for users to locally
       configure an X2Go Client with any settings they want, and  use  that  to  connect.  So  if
       you're  trying  to  keep  users from running a certain application on the host, using X2Go
       Session Broker to "lock" the configuration is the *wrong* way. The  users  will  still  be
       able  to  run  that  application by creating their own, local configuration file and using

       To keep users from running an application on  the  server,  you  have  to  use  filesystem
       permissions  on the X2Go Server. In the simplest case, this means setting chmod 750 or 550
       on the particular application on the host, and making sure the users in question  are  not
       the owner and also not a member of the group specified for the application.


       /etc/x2go/x2gobroker.conf, /etc/x2go/broker/* (configuration files)

       /etc/default/python-x2gobroker,   /etc/default/x2gobroker-daemon   (environment  for  X2Go
       Session Broker when run as a standalone daemon via SystemV or upstart)

       /var/log/x2gobroker/* (log files of X2Go Session Broker)




       This manual has been written for the  X2Go  project  by  Mike  Gabriel  <mike.gabriel@das->.