Hello all,

it was simpler than it seems!

I only needed to create a local user, add it to the tomcat group, then I put the new username like this:


[Unit]
Description=Guacamole Server
Documentation=man:guacd(8)
After=network.target

[Service]
User=newuser
Group=tomcat
ExecStart=/usr/local/sbin/guacd -f
Restart=on-abnormal

[Install]
WantedBy=multi-user.target

then I ran:

systemctl daemon-reload

and after that:

systemctl enable guacd

systemctl start guacd

and now all seems to run as expected!

I have just a little doubt about this "issue":


Feb 21 14:43:18 hcl guacd[906]: File open refused (-2): "\home\newuser\upload"
Feb 21 14:43:18 hcl guacd[906]: guacd[906]: ERROR:#011File open refused (-2): "\home\newuser\upload"
Feb 21 14:43:20 hcl guacd[906]: File open refused (-2): "\Download\license.xml:Zone.Identifier"

but I can download/upload files; IMHO it could be the backslash I can see in the logs when I have put a slash on the Guacamole config page for that connection, but I'm not sure, ATM it works!

Best regards,

Alessandro
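
A preflight check for the change described in the message above, as an added example that is not part of the original thread: it reads User= from a guacd unit file and verifies that the account owns a home directory with the owner write bit set, which is the condition the FreeRDP warning further down complains about. The function names, temp paths and passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that the account named in a guacd
# unit file owns a home directory with the owner write bit set.

# Print the User= value from the [Service] section of a unit file.
unit_user() {
    awk -F= '/^\[/ { in_svc = ($0 == "[Service]") }
             in_svc && $1 == "User" { print $2; exit }' "$1"
}

# Print "uid:home" for a user from a passwd-format file (default /etc/passwd).
passwd_entry() {
    awk -F: -v u="$1" '$1 == u { print $3 ":" $6; exit }' "${2:-/etc/passwd}"
}

# Return 0 only if the unit's user owns its home and has the owner write bit.
guacd_home_ok() {
    user=$(unit_user "$1")
    [ -n "$user" ] || { echo "no User= in $1, guacd would run as root"; return 2; }
    entry=$(passwd_entry "$user" "$2")
    [ -n "$entry" ] || { echo "user $user not found"; return 2; }
    uid=${entry%%:*}; home=${entry#*:}
    if [ -n "$(find "$home" -prune -type d -user "$uid" -perm -200 2>/dev/null)" ]; then
        echo "OK: $user owns and can write $home"
    else
        echo "FAIL: $home is not a directory owned and writable by $user"; return 1
    fi
}

# Constructed sample data: the two unit files from the thread (abridged) and a
# passwd file, all under a temp directory so nothing on the host is touched.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/home/newuser" "$demo_dir/usr/sbin"
chmod 700 "$demo_dir/home/newuser"; chmod 555 "$demo_dir/usr/sbin"  # read-only stand-in
printf '[Service]\nUser=daemon\nExecStart=/usr/local/sbin/guacd -f\n' > "$demo_dir/old.service"
printf '[Service]\nUser=newuser\nGroup=tomcat\nExecStart=/usr/local/sbin/guacd -f\n' > "$demo_dir/new.service"
cat > "$demo_dir/passwd" <<EOF
daemon:x:1:1:daemon:$demo_dir/usr/sbin:/usr/sbin/nologin
newuser:x:$(id -u):$(id -g):constructed:$demo_dir/home/newuser:/bin/bash
EOF

guacd_home_ok "$demo_dir/old.service" "$demo_dir/passwd" || true
guacd_home_ok "$demo_dir/new.service" "$demo_dir/passwd"
```

The check looks only at ownership and mode bits; ACLs or a read-only mount are not considered. Against a real host, pass the installed unit file as the first argument and omit the second so /etc/passwd is used.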


On 21/02/2023 14:07, Alessandro Sironi wrote:

Hi Lorenzo, thanks for your reply, but I'm not in a docker environment, it's a VM running Debian 11, I don't know if it's the same or not, but I would like to run guacd as local user, if possible w/out a privileged account.

Best regards,

Alessandro

On 21/02/2023 12:18, MAURIZI Lorenzo wrote:

Alessandro, I try to help, I remember facing a similar issue with other “dockerized” software

The user running guacd in your case is “daemon” which has a defined uid in the OS inside the container.

You should make the shared guacd volume(s) writable to the same UID in host OS.

E.g. in guacamole 1.4.0 the user in the container running guacd was “guacd” with UID 1000, and I made the writable “drive” and “record” mapped volumes owned by UID 1000 in the host OS, that corresponds to an existing user in my server (BTW is my user).

Maybe there is a better way, because the UID 1000 could be taken by another account that you don’t want to give access to those directories.

Regards. Lorenzo

*From:* Alessandro Sironi <a.sir...@me.com.INVALID>
*Sent:* Tuesday, 21 February 2023 11:19
*To:* user@guacamole.apache.org
*Subject:* Re: ISSUE with RDP on Windows after upgrade from 1.4.0 to 1.5.0

I'm not so good on systemd, could be here the issue?

[Unit]
Description=Guacamole Server
Documentation=man:guacd(8)
After=network.target

[Service]
User=daemon
ExecStart=/usr/local/sbin/guacd -f
Restart=on-abnormal

[Install]
WantedBy=multi-user.target

and if yes, how could I fix it? Shall I use a user w/out privileged account to run guacd? And how to tell systemd to use that account? Do I just simply change the "User=daemon" to something like "User=myuser"?

Best regards,

Alessandro

On 21/02/2023 11:13, Alessandro Sironi wrote:

    Hello Mike and thanks for your reply!

    Here's the culprit:

    Feb 21 11:09:19 hcl guacd[57447]: FreeRDP initialization may
    fail: The current user's home directory ("/usr/sbin") is not
    writable, but FreeRDP generally requires a writable home
    directory for storage of configuration files and certificates.

    I've to check what user is running guacd ATM and why it's changed
    from what was before upgrade.

    Still digging into that.

    Best regards,

    Alessandro

    On 21/02/2023 09:28, Michael Jumper wrote:

        On Tue, Feb 21, 2023, 12:22 AM Alessandro Sironi
        <a.sir...@me.com.invalid> wrote:

            Hello all,

            I'm having strange issues with RDP connection but only if
            I try to connect to a Windows host, if I try to connect
            to a Linux host (xRDP) it works!

            Here from catalina.out:

        What do you see in the guacd logs?

            connection fail w/out any other messages; those
            connections work before upgrading; I have loaded some
            extension:

              * MySQL
              * LDAP
              * Branding
              * History

            I've noticed that if I also load vault all kinds of
            connections fail (RDP and SSH, I have only these types in
            my environment); I have not tried yet to unload History
            (this and vault are the new ones I have now, the others worked
            also before upgrading), could it be the culprit?

        If you have not configured that vault support, yes - there
        would be errors to that effect in your Guacamole (Tomcat) logs.

        - Mike
