Posted to user@guacamole.apache.org by sciUser <sh...@securitycentric.net> on 2019/01/29 00:34:56 UTC

File Transfer and Read Write with current User

Hello 

I understand that the guacd is creating the files, but is there a way to have
it so that when I enable file transfer the user has full control? I
have created a directory called DL and set the mode to 666 (rw rw rw). In
the Guacamole interface, on connections, I use the syntax /DL/${GUAC_USERNAME}.
This creates the user folder of the current user, but ownership is always
root. How can this be changed to allow users to own their directories?

Thank You



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Re: File Transfer and Read Write with current User

Posted by sciUser <sh...@securitycentric.net>.
Thank You for the information.

I think I have a way to do this securely and effectively.  Will test
first, then post the script if all works.

Thank You




Re: File Transfer and Read Write with current User

Posted by Nick Couchman <vn...@apache.org>.
On Mon, Jan 28, 2019 at 7:34 PM sciUser <sh...@securitycentric.net>
wrote:

> Hello
>
> I understand that the guacd is creating the files, but is there a way to have
> it so that when I enable file transfer the user has full control? I
> have created a directory called DL and set the mode to 666 (rw rw rw). In
> the Guacamole interface, on connections, I use the syntax
> /DL/${GUAC_USERNAME}. This creates the user folder of the current user, but
> ownership is always root. How can this be changed to allow users to own
> their directories?
>

As described in the RDP section of the manual (
http://guacamole.apache.org/doc/gug/configuring-guacamole.html#rdp), when using
the Filesystem Redirection (drive-path) parameters, access to the
directories is done under the user account running guacd.  There's no way
to change this behavior, for a variety of reasons, but at least one key
reason is that there's no guarantee that the user logging into Guacamole
Client (done through JDBC, LDAP, etc., authentication) will have an account
on the system where guacd is running (O/S-level user-management).

Beyond that, I would *highly* recommend against running guacd under the
root account - there's nothing that guacd does that requires root
privileges, so there's no reason it cannot be run under a
normal/non-elevated account.

If you need file transfer that honors user permissions, I suggest using the
SFTP mechanism and then making that SFTP server available to the remote
system via an SFTP client, Samba, etc.

-Nick
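
Added example, not part of the thread or of the Guacamole project: a small audit of the two points raised above, namely which account guacd runs under and whether the drive-path base directory is owned by that account with sane permissions. The service account name "guacd" is an assumption; /DL is the directory from the question.

```shell
#!/bin/sh
# Added example: audit the guacd account and a drive-path base directory.
# Assumptions (not from the thread): a dedicated service account named
# "guacd"; the base directory /DL is taken from the question.

# Print the distinct users that own a process named "guacd".
# Reads "USER COMMAND" lines on stdin, e.g. from: ps -eo user=,comm=
guacd_users() {
    awk '$2 == "guacd" { print $1 }' | sort -u
}

# Report problems with a drive-path base directory.
# $1 = directory, $2 = account guacd is expected to run as.
# Prints one finding per line; prints nothing when the directory looks fine.
audit_drive_dir() {
    dir=$1; svc=$2
    [ -d "$dir" ] || { echo "missing: $dir is not a directory"; return; }
    owner=$(ls -ld -- "$dir" | awk '{ print $3 }')
    [ "$owner" = "$svc" ] || echo "owner: $dir is owned by $owner, not $svc"
    # guacd needs rwx on the directory to create and enter per-user folders
    [ -n "$(find "$dir" -prune -perm -0700)" ] ||
        echo "mode: owner lacks rwx on $dir"
    # a world-writable base lets any local account tamper with transfers
    [ -z "$(find "$dir" -prune -perm -0002)" ] ||
        echo "mode: $dir is world-writable"
}

# Usage: sh audit.sh --audit [DIR] [SERVICE_USER]
if [ "${1:-}" = "--audit" ]; then
    users=$(ps -eo user=,comm= | guacd_users)
    echo "guacd runs as: ${users:-<not running>}"
    case " $(echo $users) " in
        *" root "*) echo "warning: guacd is running as root" ;;
    esac
    audit_drive_dir "${2:-/DL}" "${3:-guacd}"
fi
```

Per-user folders created through /DL/${GUAC_USERNAME} will still belong to the guacd account, as described above; the audit only confirms that account is not root and that the base directory is not open to every local user.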