Users are advised to not misinterpret X2GoServer's Published Application Mode as a security feature.
Even when using Published Application Mode, it is still possible for users to locally configure an X2Go
Client with any setting they want, and use that to connect.
So if you're trying to keep users from running a certain application on the host, using Published
Application Mode to "lock" the configuration is the *wrong* way. The users will still be able to run
that application by creating their own, local configuration file and using that.
To keep users from running an application on the server, you have to use *filesystem permissions*. In
the simplest case, this means setting chmod 750 or 550 on the particular application on the host, and
making sure the users in question are not the owner and also not a member of the group specified for the
application.