Multi-user graphical terminal server accessible by RFB/VNC The NetBSD Project
Status: Closed Time to complete: 120 hrs Mentors: Aleksej Saushev Tags: rfb, vnc, integration, documentation

Design and implement multi-user graphical terminal server based on NetBSD and using RFB protocol. Document deployment and configuration instructions (step-by-step and/or with illustrations, as needed).

Your terminal server should support creation and deletion of remote desktops (potentially, multiple desktops per user), secure authentication, encryption of RFB traffic (may be omitted, in case of too short time).

You may use other off-the-shelf software as needed (e.g. HTTP server).

 

You may encounter blocking problem during this project. Clear explanation of problems (possible workarounds, suggested amendments to restrict requirements) counts as successful completion.

 

References

1. http://wiki.netbsd.org/pkgsrc/remote/

2. http://www.google-melange.com/gci/task/view/google/gci2012/7952236

Uploaded Work
File name/URL File size Date submitted
X11RUBY.tar.gz 150.0 KB December 17 2012 20:58 UTC
X11RUBY3.tar.gz 42.2 KB December 21 2012 21:40 UTC
VncManager.tar.gz 42.4 KB December 25 2012 14:05 UTC
VncManager2.tar.gz 43.7 KB December 29 2012 10:24 UTC
VncManager3.tar.gz 42.4 KB December 30 2012 15:55 UTC
VncManager4.tar.gz 41.8 KB December 31 2012 18:11 UTC
VncManager6.tar.gz 41.8 KB December 31 2012 18:29 UTC
VncManager7.tar.gz 44.6 KB January 02 2013 19:39 UTC
Comments
Puck Meerburg on December 13 2012 06:40 UTC Task Claimed

I would like to work on this task.

Aleksej Saushev on December 13 2012 09:03 UTC Task Assigned

This task has been assigned to Puck Meerburg. You have 120 hours to complete this task, good luck!

Puck Meerburg on December 13 2012 14:49 UTC X11 or terminal

Hey,


Does the server need to send X11 or terminals (like /dev/tty1)?


 


 

Puck Meerburg on December 13 2012 18:58 UTC Clarification?

Hey,


The task is a bit unclear for me, so here are my questions:



  • Do you need to make a whole setup to manage vnc servers or like software to send x11 to vnc? (quite possibly the first ;))

  • And if the first, how to control the server (http, cli, or both)

Aleksej Saushev on December 13 2012 21:54 UTC Clarification

This task is about managing a terminal server. If you need to manage multiple RFB servers running on it, you are to solve this somehow. It is better, if you find a usable way to control those servers. Hence, HTTP is preferred.


Still, if you think you're short of time, then you may resort to CLI. In the latter case, be reasonable and implement controls in such a way that doesn't make integration hard. (Alternatively, you may postpone implementing web interface to the later stage of task, it is perfectly acceptable.)


Whatever choice you make, please, remember that this task is about terminal server rather than making fancy interface.

Aleksej Saushev on December 13 2012 21:56 UTC Re: X11 or terminal

Server is to send RFB. No X11 is allowed, client may be unable to provide X11 service.

Puck Meerburg on December 14 2012 06:55 UTC More clarification

So, it's making software to manage rfb servers (like xvnc)?

Puck Meerburg on December 17 2012 20:58 UTC Ready for review

The work on this task is ready to be reviewed.

Puck Meerburg on December 17 2012 21:01 UTC Finished

Finally got it working!


I know it is called X11RUBY, but that's just my inspiration not able to think of something. The whole creation is created in ruby (my first time ever!) and has been thoroughly tested on NetBSD 6.0 on i386 with the pkgsrc from a hour ago...

Aleksej Saushev on December 17 2012 23:12 UTC Deadline extended

The deadline of the task has been extended with 1 days and 0 hours.

Melange on December 19 2012 09:40 UTC No more Work can be submitted

Melange has detected that the deadline has passed and no more work can be submitted. The submitted work should be reviewed.

Aleksej Saushev on December 19 2012 09:41 UTC Deadline extended

The deadline of the task has been extended with 2 days and 0 hours.

Aleksej Saushev on December 20 2012 11:28 UTC Review


Hi!


Sorry, I have tried to test it but I've run into problems with your code.


First, you lack instructions how to test it in a non-invasive ways. Of course, we all know that there're virtual machines, still it isn't convenient.


Next, you should describe your approach. Explain in more detail what exactly you do to solve the problem, perhaps, tell about other ways you tried. Describe drawbacks of your approach.


Next, you tell about "gem" command. It doesn't seem to exist on NetBSD. Have you tested your code?


Next, you mention security with question. Since you're providing remote access, you should be concerned of what you have tried in order to secure access. Could you elaborate on it?


Related to previous, you seem to ignore NSS settings and parse passwd file directly. You don't list this as limitations of your program.


What is more important that you reject valid passwd. Quick check of documentation reveals that each entry should have 10 fields, you insist on 7. Have you tested your code on NetBSD?


All above means that your handling of passwords is totally wrong. It looks like you have never tried NetBSD. Perhaps, you should start developing on NetBSD rather than blindly trusting that it is yet another linux.


Next, you don't quote arguments to su(8) correctly. This means that one can probably execute code with superuser privileges.

Aleksej Saushev on December 20 2012 11:30 UTC Deadline extended

The deadline of the task has been extended with 2 days and 0 hours.

Aleksej Saushev on December 20 2012 11:49 UTC Task Needs More Work

One of the mentors has sent this task back for more work. Talk to the mentor(s) assigned to this task to satisfy the requirements needed to complete this task, submit your work again and mark the task as complete once you re-submit your work.

Aleksej Saushev on December 21 2012 17:27 UTC Deadline extended

The deadline of the task has been extended with 0 days and 12 hours.

Puck Meerburg on December 21 2012 21:40 UTC Ready for review

The work on this task is ready to be reviewed.

Puck Meerburg on December 21 2012 21:43 UTC Some info

Hey,


You may need to install lang/ruby and net/tightvnc like said in the manual. I also fixed some of the smaller bugs.

Aleksej Saushev on December 23 2012 19:21 UTC Deadline extended

The deadline of the task has been extended with 1 days and 0 hours.

Melange on December 24 2012 22:12 UTC No more Work can be submitted

Melange has detected that the deadline has passed and no more work can be submitted. The submitted work should be reviewed.

Aleksej Saushev on December 24 2012 23:39 UTC Review (partial)

Hi!


It would be easier to review code, if you mention what changes you have made exactly.


Your instructions fail on the very first step for me:


$ gem install bundler
ERROR:  While executing gem ... (NoMethodError)
    undefined method `spec' for nil:NilClass


$ pkg_info -e ruby
ruby-1.9.3p327nb1


It isn't yet clear if it is possible to test your work in some non-invasive way. Your instructions seem to assume to run some Ruby programs with super-user privileges, and it isn't clear if it is possible to clean up after that. It would be better if you have described staged installation.


It isn't clear why you insist on incorrect way to get list of users. You should use getpwent(3) somehow instead of parsing /etc/passwd, which is wrong way in NetBSD. For reference, see the source for login(1).


It is unclear how you have got "Wayland" running on NetBSD. If it doesn't run, why do you mention it? It only makes me think that your code requires one particular flavour of linux.


Commands like "echo $2\n$3" suggest the same. I doubt that using "n" as separator is intended here.


Next. You have started rejecting valid usernames in this version. I suggest that you rethink your approach to security. In particular, NetBSD has shquote(3).


 


When you talk about approach to solve the problem, you dive into uninteresting implementation details. Modularity or lack of it is easy to check by looking at the source, and it doesn't answer the main question, how exactly you solve the problem. Only by reading your source, I can see that you're using web interface running with privileges to run su(8) to start TightVNC server on some port. This is the most important part, and should be reflected in your documentation first of all. It has important implications. E.g., that your web interface has to be run as "root". It isn't clear how ports are allocated (randomly? sequentially? manually?).

Aleksej Saushev on December 24 2012 23:39 UTC Task Needs More Work

One of the mentors has sent this task back for more work. Talk to the mentor(s) assigned to this task to satisfy the requirements needed to complete this task, submit your work again and mark the task as complete once you re-submit your work.

Aleksej Saushev on December 24 2012 23:39 UTC Deadline extended

The deadline of the task has been extended with 2 days and 0 hours.

Puck Meerburg on December 25 2012 14:13 UTC Some stuff

Hey,


I can't reproduce the username bug. The gem error, I would advise to reinstall ruby and gems. The "Wayland" Example was just an example. I changed it. The "echo "$2\n\$3"" was a bug, I also fixed it.

Puck Meerburg on December 25 2012 14:13 UTC Ready for review

The work on this task is ready to be reviewed.

Melange on December 27 2012 08:52 UTC No more Work can be submitted

Melange has detected that the deadline has passed and no more work can be submitted. The submitted work should be reviewed.

Aleksej Saushev on December 27 2012 14:40 UTC Deadline extended

The deadline of the task has been extended with 1 days and 12 hours.

Aleksej Saushev on December 27 2012 16:01 UTC Review

Hi!


Just a nit (forgot to mention it early), it is better if you name the file with initial instruction "README" or like.


You understand that your software is security-sensitive, thus it is better if you try as much as you can to explain what is going to happen during installation and operation.


In particular, it would be nice to mention which files/packages are fetched and from where. You're installing some ruby gems, thus it would be nice to know which versions are fetched so that one could review them when the need arises.


I have prepared chroot environment to test your software, and have run into this:


# bundle exec puma
/usr/pkg/lib/ruby/gems/1.9.3/gems/puma-1.6.3/lib/puma/configuration.rb:88:in `random_bytes': PRNG not seeded (OpenSSL::Random::RandomError)
        from /usr/pkg/lib/ruby/gems/1.9.3/gems/puma-1.6.3/lib/puma/configuration.rb:88:in `setup_random_token'
        from /usr/pkg/lib/ruby/gems/1.9.3/gems/puma-1.6.3/lib/puma/configuration.rb:43:in `load'
        from /usr/pkg/lib/ruby/gems/1.9.3/gems/puma-1.6.3/lib/puma/cli.rb:280:in `parse_options'
        from /usr/pkg/lib/ruby/gems/1.9.3/gems/puma-1.6.3/lib/puma/cli.rb:294:in `run'
        from /usr/pkg/lib/ruby/gems/1.9.3/gems/puma-1.6.3/bin/puma:10:in `<top (required)>'
        from /usr/pkg/bin/puma:23:in `load'
        from /usr/pkg/bin/puma:23:in `<main>


It would be nice to know what is intended effect of this command. What exactly does it do? (Does it start some TCP server? Which one? How can I check it has started?) This information is useful not only for debugging.


You should really learn how to document (or describe at the very least) what you have done. Currently, your instructions are very hard to follow. I can hardly guess what your intention is at each step. This also prevents me from effective reviewing of your code.


The latter applies to what you write about your approach. Try reading again what I have written in previous review. "When you talk about approach to solve the problem, you dive into uninteresting implementation details. Modularity or lack of it is easy to check by looking at the source, and it doesn't answer the main question, how exactly you solve the problem."


You write, "My approach to do this is very modular." This is WRONG! Approach cannot be modular. It is the code that may be modular or not. Approach is how you solve your problem. You should have written something like this, "My approach is to start web server to let users configure their personal VNC servers manually and start them (one server per user) on manually selected TCP port. Web interface runs at localhost:8080 by default (configured in configuration file). To start VNC server, user comes to the http://localhost/page1.html, fills in IP address, TCP port number, user name, password, and presses start button. To stop personal server, user comes to http://localhost/page2.html, fills in his account name, password, and presses stop button." This is what approach to solve problem is.

Aleksej Saushev on December 27 2012 16:11 UTC Code problems

Less important problems (since they are in code).


When you write security-sensitive code, and spawn external commands, it is important to make sure that you start exactly those that you intend.


In particular, you never start "su", you start "/usr/bin/su", you never start "vncserver", you start "/usr/pkg/bin/vncserver", and so on.


Ideally, you should construct command lines from paths in variables like "su_path", "vncserver_path", and so on.


This way you avoid problems like code injection. E.g. in code like this:


        result = `su -l \"#{user}\" -c \"vncserver -name "#{name}" -geometry #{width}x#{height} -pixelformat #{pixelformat} -depth #{depth} -rfbport #{port} 2>&1"`


If you have constructed it from list of arguments, then you could have properly quoted every argument and concatentate them into command that cannot trigger further shell expansions. So that even if I have users with account names like <<pod"jom>>, it would still work.

Aleksej Saushev on December 27 2012 17:22 UTC Review (continued)

Hi!


I've solved problem with server starting.


I see the following issues:


1. Server starts listening on all available addresses.


Since your server provides remote access, provide a way to restrict IP addresses it listens and describe it in documentation.


Also, provide a way to change default TCP port it listens.


You don't need to create configuration file mechanism, it is enough if you gather configuration parameters in separate file. It is enough if it requires rebuilding and reinstalling to change settings.


2. Server lists all ancilliary accounts that correspond to no human user.


Could you filter away all accounts that cannot login at all? The first criterium is that account has no valid shell (valid shells are listed in /etc/shells _and_ exist as executable files, regular files, not directories).


3. I tried to start VNC server and ended with no server running and these messages on console:


127.0.0.1 - - [27/Dec/2012 17:09:56] "GET /api/servers HTTP/1.1" 200 - 0.0016
Terminal type is rxvt.                                                                                                                                                                                                         
2012-12-27 17:10:19 +0000: Rack app error: #<NoMethodError: undefined method `sub' for nil:NilClass>
/root/VncManager/modules/tightvnc.rb:11:in `start'
config.ru:30:in `block (7 levels) in <main>'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/builder.rb:134:in `call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/builder.rb:134:in `call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:64:in `block in call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:49:in `each'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:49:in `call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/builder.rb:134:in `call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:64:in `block in call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:49:in `each'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:49:in `call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/builder.rb:134:in `call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:64:in `block in call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:49:in `each'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:49:in `call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/builder.rb:134:in `call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:64:in `block in call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:49:in `each'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/urlmap.rb:49:in `call'


/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/commonlogger.rb:20:in `call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/rack-1.4.1/lib/rack/commonlogger.rb:20:in `call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/puma-1.6.3/lib/puma/server.rb:412:in `handle_request'
/usr/pkg/lib/ruby/gems/1.9.3/gems/puma-1.6.3/lib/puma/server.rb:306:in `process_client'
/usr/pkg/lib/ruby/gems/1.9.3/gems/puma-1.6.3/lib/puma/server.rb:215:in `block in run'
/usr/pkg/lib/ruby/gems/1.9.3/gems/puma-1.6.3/lib/puma/thread_pool.rb:94:in `call'
/usr/pkg/lib/ruby/gems/1.9.3/gems/puma-1.6.3/lib/puma/thread_pool.rb:94:in `block in spawn_thread'

Aleksej Saushev on December 27 2012 17:29 UTC Task Needs More Work

One of the mentors has sent this task back for more work. Talk to the mentor(s) assigned to this task to satisfy the requirements needed to complete this task, submit your work again and mark the task as complete once you re-submit your work.

Aleksej Saushev on December 27 2012 17:30 UTC Deadline extended

The deadline of the task has been extended with 2 days and 0 hours.

Puck Meerburg on December 29 2012 10:25 UTC Ready for review

The work on this task is ready to be reviewed.

Puck Meerburg on December 29 2012 10:33 UTC Fixing

Hey,


I fixed the module, it now uses paths to su and pkg/bin, I added settings for port & ip binding, I fixed the servers disappearing after making a server. Only accounts with a valid shell show up. The included module TightVNC now escapes all <<">>s and <<`>>s.


I checked, and to make the server run in chroot, you (possibly) need to have /dev/random and /dev/urandom. 


 


 


 


 

Aleksej Saushev on December 30 2012 08:41 UTC Deadline extended

The deadline of the task has been extended with 0 days and 12 hours.

Aleksej Saushev on December 30 2012 14:20 UTC Review

Hi!


I've tried starting server, and it still didn't start. It reported "something went wrong", and I've got this in console:


127.0.0.1 - - [30/Dec/2012 13:48:26] "GET /api/users HTTP/1.1" 200 - 0.0026
{"width"=>"1024", "height"=>"768", "depth"=>"32", "pixelformat"=>"RGB888", "name"=>"name1", "port"=>"9293", "user"=>"", "command"=>"/usr/bin/su -l \"\" -c \"/usr/pkg/bin/vncserver \\\"-name\\\" \\\"name1\\\" \\\"-geometry\\\" \\\"1024x768\\\" \\\"-pixelformat\\\" \\\"RGB888\\\" \\\"-depth\\\" \\\"32\\\" \\\"-rfbport\\\" \\\"9293\\\" 2>&1\" 2>&1", "success"=>false, "output"=>"vncserver: couldn't find \"xauth\" on your PATH.\n", "exception"=>"undefined method `sub' for nil:NilClass", "module"=>"TightVNC"}127.0.0.1 - - [30/Dec/2012 13:48:52] "GET /api/module/TightVNC/start?width=1024&height=768&depth=32&pixelformat=RGB888&name=name1&port=9293&user= HTTP/1.1" 200 - 0.0515
127.0.0.1 - - [30/Dec/2012 13:48:55] "GET /api/servers HTTP/1.1" 200 - 0.0011


Perhaps, there're more dependencies which you should list. E.g. xauth and, perhaps, X server.


After I have installed xauth, all start-stop buttons remain grayed out, and there's no other way to clean things up. "Kill" button doesn't work either. I was unable to start server at all.


 


I suggest making these changes to web interface:


1. Change "name" to "session name" or something like that. "Name" is too vague.


2. Change "size" to "virtual screen size" or something like that. "Size" isn't clear enough.


3. Apply some sane defaults. E.g. assume default size 1024x768 when the field is empty. Perhaps generate session name as well.


Besides that, it would be nice to perform some sanity check. E.g. that server started. At some point I've got all start-stop buttons grayed out and server not running.


Since some functionality is implemented in JavaScript, it might be possible to check if the server is running at all. The same applies to VNC servers under control.


There're remains of code like this:


        result = `su -l \"#{user}\" -c \"#{paths["pkg"]}/vncserver -kill \\"#{x11}\\"\"` #kill the server via vncserver
        {"success" => true} #Yes! Success!

Aleksej Saushev on December 30 2012 14:20 UTC Deadline extended

The deadline of the task has been extended with 2 days and 0 hours.

Aleksej Saushev on December 30 2012 14:21 UTC Deadline extended

The deadline of the task has been extended with 2 days and 0 hours.

Puck Meerburg on December 30 2012 16:01 UTC Ready for review

Hi Aleksej,

I made the changes you suggested and I hope this will be sufficient to
complete the task. I guess I underestimated the requirements given there was
originally a timeframe of 120 hours for the task.

I sincerely hope you will accept this last effort. For me it will be the
last I can do for this assignment, because I would love to be able to work
on a different task to broaden my experience with NetBSD (and it still is a
competition). I'm really grateful for your mentorship and the learning
experience I had with putting up this server. Being just 13 years old I'm
still very happy with what I was able to make, and it's very unfortunate
some things just didn't work on your end the way it worked here at home.

Anyway, thanks for all the time you put in the reviews and mentoring, and perhaps we'll meet again at a next task.

Aleksej Saushev on December 30 2012 18:57 UTC Review

Hi!


I'm still unable to get any VNC server running. Can you provide step by step instructions?

Puck Meerburg on December 30 2012 18:59 UTC Review

Could you post the output of the console?

Puck Meerburg on December 30 2012 19:07 UTC Or

Have you installed X11 and configured it? You wight need to follow this here: http://wiki.netbsd.org/pkgsrc/how_to_install_modular_xorg/

Aleksej Saushev on December 31 2012 07:52 UTC Review

Hi!


We discussed it on IRC, and I write this for the record.


I'm sorry, but I cannot accept the code that doesn't work. Please, note, the code that works has to work not only on your system and not only for you.


I can suggest the following as remedy.


1. You describe in clear terms your approach in detail. In particular, what steps are to be done to make one server running for given user at given port, which commands should be run, and so on. You may assume that X11 sets and necessart packages are installed, just list them as prerequisites in documentation.


2. You restructure your code and documentation. You start from ground up, and implement intermediate steps. Implement command line tools that can be used without web server, Rails, and similar tools.


3.1. I suggest to drop AJAX and implement interface as CGI. This way your code should be more debuggable.


3.2. Alternatively, you can research a less invasive way that works without installing uncontrolled software (Ruby "gems", Python "eggs", and so on). It is fine to use official packages, but it is not so good to request system administrator installing additional software in an uncontrolled, i.e. not through package management system, way. This is why I have to use chroot environment.


4. You comment your code to explain, in details, what functionality it implements. I mean, that you don't need to write comments like "prepend spaces with backslashes", you should write "escape spaces, quotes, and so on so that they could be passed safely to shell."


I'm fine with code that doesn't implement all security and correctness features _provided_ the code has comments in proper places and documentation mentions assumptions you made.

Aleksej Saushev on December 31 2012 07:53 UTC Task Needs More Work

One of the mentors has sent this task back for more work. Talk to the mentor(s) assigned to this task to satisfy the requirements needed to complete this task, submit your work again and mark the task as complete once you re-submit your work.

Puck Meerburg on December 31 2012 08:40 UTC Chroot

Hey, 


I am 99% sure your setup is the problem. I am completely happy with hosting a vm for you, with just NetBSD, pkgsrc and pkgin installed.


Run this as root in the chroot: `su someone -c "echo success"` and if it asks for a password, the chroot causes the problem. 


 


 


 


 


 


 


 

Aleksej Saushev on December 31 2012 17:47 UTC Re: Chroot

It does work as intended in chroot (it doesn't ask for password).


Chroot should not be a problem for this task in any case.


(Part of the problem is that your code is way too invasive and it requires isolation. Hence chroot.)

Puck Meerburg on December 31 2012 18:36 UTC Ready for review

The work on this task is ready to be reviewed.

Puck Meerburg on January 2 2013 08:43 UTC Ready for review

Hey,


Because new year's been between the previous message and now, I would like to remind you that the newest version should work.


 


 


 

Puck Meerburg on January 2 2013 19:40 UTC Small bug

I found a small bug, In v7 I fixed it. It was that the generated port of a server different is then the placeholder said.

Julian Coleman on January 2 2013 22:33 UTC Looks good. Final comments.

Hi,


[Summary after discussion on IRC.]


The VNC server controller looks good.


I have some comments though:


  1) I needed to install the packages:


    tightvnc-1.3.10nb5.tgz
    ruby-1.9.3p194nb1.tgz
    ruby193-json-1.7.5.tgz
    ruby193-rack-1.4.1.tgz


  and then run `gem install bundler` and `gem install puma -v '1.6.3'` before running `bundle install`.


  2) It works fine with native X


  3) The password has to be set first before adding a server, otherwise it does not start the server correctly.


  4) Running the controller as root presents potential security problems.  It would be better if there were a separate process running with root privileges that (only) the controller could communicate with.  That separate process would only configure VNC passwords and start/stop the servers.  However, I think that that is outside of the scope of this task.


Thanks,


J

Julian Coleman on January 2 2013 22:34 UTC Task Closed

Congratulations, this task has been completed successfully.