[
https://issues.apache.org/jira/browse/GUACAMOLE-1609?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yukiya Hayashi updated GUACAMOLE-1609:
--------------------------------------
Description:
*Background*
I am running Guacamole with Docker and using the "device redirection" feature
on a Windows Server.
After upgrading Guacamole from version 1.1.0 to 1.4.0, the "device redirection"
function no longer works.
*What I investigated*
I have isolated the problem and found that there was no problem up to
version 1.2.0 and the problem started with version 1.3.0. The cause appears to
be that the user used in the container was changed from root to guacd starting
with version 1.3.0. The guacd process seems to create a directory with the name
of the target host in / in order to use "device redirection". Up to version
1.2.0, the directory was created without any problem because it was started as
root user. However, since version 1.3.0, the "device redirection" does not seem
to work because the directory cannot be created under / for the guacd user.
*Possible solutions*
I have the following two ideas, and I would like you to consider the latter
approach if possible.
- Make guacd startup user as root as it was up to version 1.2.0.
- Change the path for the guacd process to create the "device redirection"
directory to something appropriate (e.g. /tmp/ would be appropriate).
*Sample Logs*
The following is an excerpt from the log that occurred in my environment. I
logged into the server "ADC01" and observed a permission error in the directory
creation.
> guacd[25]: ERROR: Unable to create directory "/ADC01": Permission denied
```
$ docker logs -f guacamole_guacd_1
guacd[6]: INFO: Guacamole proxy daemon (guacd) version 1.4.0 started
guacd[6]: INFO: Listening on host 0.0.0.0, port 4822
guacd[6]: INFO: Creating new client for protocol "rdp"
guacd[6]: INFO: Connection ID is "$b1cf7bda-715a-4085-8bfa-b60c7e4b7d58"
guacd[8]: INFO: No security mode specified. Defaulting to security mode
negotiation with server.
guacd[8]: INFO: Resize method: none
guacd[8]: INFO: No clipboard line-ending normalization specified. Defaulting to
preserving the format of all line endings.
guacd[8]: INFO: User "@b2afdcc7-7073-462d-9832-2f33a77ae844" joined connection
"$b1cf7bda-715a-4085-8bfa-b60c7e4b7d58" (1 users now present)
guacd[8]: INFO: Loading keymap "base"
guacd[8]: INFO: Loading keymap "en-us-qwerty"
guacd[8]: INFO: Connected to RDPDR 1.12 as client 0x000c
guacd[8]: INFO: Connected to RDPDR 1.12 as client 0x000b
guacd[8]: INFO: RDPDR user logged on
guacd[6]: INFO: Creating new client for protocol "rdp"
guacd[6]: INFO: Connection ID is "$7180e9d2-3825-40d1-9548-175164f931b3"
guacd[25]: INFO: No security mode specified. Defaulting to security mode
negotiation with server.
guacd[25]: INFO: Resize method: none
guacd[25]: INFO: No clipboard line-ending normalization specified. Defaulting
to preserving the format of all line endings.
guacd[25]: INFO: User "@0a9109ca-f92c-474c-a310-80aee889a0f8" joined connection
"$7180e9d2-3825-40d1-9548-175164f931b3" (1 users now present)
guacd[25]: ERROR: Unable to create directory "/ADC01": Permission denied
```
was:
- Background
I am running Guacamole with Docker and using the "device redirection" feature
on a Windows Server.
After upgrading Guacamole from version 1.1.0 to 1.4.0, the "device redirection"
function no longer works.
- What I investigated
I have isolated the problem and found that there was no problem up to
version 1.2.0 and the problem started with version 1.3.0. The cause appears to
be that the user used in the container was changed from root to guacd starting
with version 1.3.0. The guacd process seems to create a directory with the name
of the target host in / in order to use "device redirection". Up to version
1.2.0, the directory was created without any problem because it was started as
root user. However, since version 1.3.0, the "device redirection" does not seem
to work because the directory cannot be created under / for the guacd user.
- Possible solutions
I have the following two ideas, and I would like you to consider the latter
approach if possible.
- Make guacd startup user as root as it was up to version 1.2.0.
- Change the path for the guacd process to create the "device redirection"
directory to something appropriate (e.g. /tmp/ would be appropriate).
- Sample Logs
The following is an excerpt from the log that occurred in my environment. I
logged into the server "ADC01" and observed a permission error in the directory
creation.
> guacd[25]: ERROR: Unable to create directory "/ADC01": Permission denied
```
$ docker logs -f guacamole_guacd_1
guacd[6]: INFO: Guacamole proxy daemon (guacd) version 1.4.0 started
guacd[6]: INFO: Listening on host 0.0.0.0, port 4822
guacd[6]: INFO: Creating new client for protocol "rdp"
guacd[6]: INFO: Connection ID is "$b1cf7bda-715a-4085-8bfa-b60c7e4b7d58"
guacd[8]: INFO: No security mode specified. Defaulting to security mode
negotiation with server.
guacd[8]: INFO: Resize method: none
guacd[8]: INFO: No clipboard line-ending normalization specified. Defaulting to
preserving the format of all line endings.
guacd[8]: INFO: User "@b2afdcc7-7073-462d-9832-2f33a77ae844" joined connection
"$b1cf7bda-715a-4085-8bfa-b60c7e4b7d58" (1 users now present)
guacd[8]: INFO: Loading keymap "base"
guacd[8]: INFO: Loading keymap "en-us-qwerty"
guacd[8]: INFO: Connected to RDPDR 1.12 as client 0x000c
guacd[8]: INFO: Connected to RDPDR 1.12 as client 0x000b
guacd[8]: INFO: RDPDR user logged on
guacd[6]: INFO: Creating new client for protocol "rdp"
guacd[6]: INFO: Connection ID is "$7180e9d2-3825-40d1-9548-175164f931b3"
guacd[25]: INFO: No security mode specified. Defaulting to security mode
negotiation with server.
guacd[25]: INFO: Resize method: none
guacd[25]: INFO: No clipboard line-ending normalization specified. Defaulting
to preserving the format of all line endings.
guacd[25]: INFO: User "@0a9109ca-f92c-474c-a310-80aee889a0f8" joined connection
"$7180e9d2-3825-40d1-9548-175164f931b3" (1 users now present)
guacd[25]: ERROR: Unable to create directory "/ADC01": Permission denied
```
> The "device redirection" feature in guacd-docker does not work since version
> 1.3.0
> ----------------------------------------------------------------------------------
>
> Key: GUACAMOLE-1609
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1609
> Project: Guacamole
> Issue Type: Bug
> Components: guacd-docker
> Affects Versions: 1.3.0, 1.4.0
> Reporter: Yukiya Hayashi
> Priority: Major
>
> *Background*
> I am running Guacamole with Docker and using the "device redirection"
> feature on a Windows Server.
> After upgrading Guacamole from version 1.1.0 to 1.4.0, the "device
> redirection" function no longer works.
> *What I investigated*
> I have isolated the problem and found that there was no problem up to
> version 1.2.0 and the problem started with version 1.3.0. The cause appears
> to be that the user used in the container was changed from root to guacd
> starting with version 1.3.0. The guacd process seems to create a directory
> with the name of the target host in / in order to use "device redirection".
> Up to version 1.2.0, the directory was created without any problem because it
> was started as root user. However, since version 1.3.0, the "device
> redirection" does not seem to work because the directory cannot be created
> under / for the guacd user.
> *Possible solutions*
> I have the following two ideas, and I would like you to consider the latter
> approach if possible.
> - Make guacd startup user as root as it was up to version 1.2.0.
> - Change the path for the guacd process to create the "device redirection"
> directory to something appropriate (e.g. /tmp/ would be appropriate).
> *Sample Logs*
> The following is an excerpt from the log that occurred in my environment. I
> logged into the server "ADC01" and observed a permission error in the
> directory creation.
> > guacd[25]: ERROR: Unable to create directory "/ADC01": Permission denied
> ```
> $ docker logs -f guacamole_guacd_1
> guacd[6]: INFO: Guacamole proxy daemon (guacd) version 1.4.0 started
> guacd[6]: INFO: Listening on host 0.0.0.0, port 4822
> guacd[6]: INFO: Creating new client for protocol "rdp"
> guacd[6]: INFO: Connection ID is "$b1cf7bda-715a-4085-8bfa-b60c7e4b7d58"
> guacd[8]: INFO: No security mode specified. Defaulting to security mode
> negotiation with server.
> guacd[8]: INFO: Resize method: none
> guacd[8]: INFO: No clipboard line-ending normalization specified. Defaulting
> to preserving the format of all line endings.
> guacd[8]: INFO: User "@b2afdcc7-7073-462d-9832-2f33a77ae844" joined
> connection "$b1cf7bda-715a-4085-8bfa-b60c7e4b7d58" (1 users now present)
> guacd[8]: INFO: Loading keymap "base"
> guacd[8]: INFO: Loading keymap "en-us-qwerty"
> guacd[8]: INFO: Connected to RDPDR 1.12 as client 0x000c
> guacd[8]: INFO: Connected to RDPDR 1.12 as client 0x000b
> guacd[8]: INFO: RDPDR user logged on
> guacd[6]: INFO: Creating new client for protocol "rdp"
> guacd[6]: INFO: Connection ID is "$7180e9d2-3825-40d1-9548-175164f931b3"
> guacd[25]: INFO: No security mode specified. Defaulting to security mode
> negotiation with server.
> guacd[25]: INFO: Resize method: none
> guacd[25]: INFO: No clipboard line-ending normalization specified. Defaulting
> to preserving the format of all line endings.
> guacd[25]: INFO: User "@0a9109ca-f92c-474c-a310-80aee889a0f8" joined
> connection "$7180e9d2-3825-40d1-9548-175164f931b3" (1 users now present)
> guacd[25]: ERROR: Unable to create directory "/ADC01": Permission denied
> ```
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
