Re: Same shared Drive redirected to all users : Privacy and Security breach

[Amarjeet Singh]

Hi Mike,

Use separate filesystems to hold the drive

contents,  not the root filesystem of your Guacamole server.



If I have 500 users then I can't have separate file system for each one of
them on the same  machine where guacamole server runs [ centos 7 ] .

You can use the "${GUAC_USERNAME}" token cause a parameter to vary by
> the username, like the "drive-path" parameter. Together with the
> "create-drive-path" parameter, this allows you to dynamically provide
> separate drives on a per-user basis.


 where exactly I have to do ? Where do I have to change this or add
${GUAC_USERNAME}.
Is it in Javascript or Java.

How can I control the size limit for each user ?


Can I define volume size for each user ?


@Mike : Thanks for the quick response. I appreciate that. I read your side
note as well. I won't update the fix version of any bug reported by me ?
Really sorry for that mess.



Thanks and Regards,
Amarjeet Singh






On Sun, Jan 7, 2018 at 12:50 AM, Mike Jumper 
wrote:

> On Sat, Jan 6, 2018 at 10:58 AM, Amarjeet Singh 
> wrote:
> >
> > Hi Team,
> >
> > I have redirected shared drive on Windows server 2012 R 2. I have 5
> users in that machine.
> >
> > I have mapped this drive to one of the folder  of Centos 7 where
> guacamole server runs.
> >
> > Now,  all the users are getting the same shared drive folder.
> >
>
> Sounds OK so far.
>
> >
> > It means one user can access files of  other users. It is very dangerous.
> >
> > It is breach of security and privacy as well.
> >
> > Is it any configuration I am missing ?
> >
>
> Guacamole will only do what you tell it to do. If you configure the
> connection for each user to use the same drive directory, then each
> user will have equivalent access to the contents of that directory. If
> this is not what you want, then you need to tell Guacamole to do
> something else.
>
> The mechanism most users use to ensure that each user is given a
> different drive directory are parameter tokens:
>
> http://guacamole.apache.org/doc/gug/configuring-guacamole.
> html#parameter-tokens
>
> You can use the "${GUAC_USERNAME}" token cause a parameter to vary by
> the username, like the "drive-path" parameter. Together with the
> "create-drive-path" parameter, this allows you to dynamically provide
> separate drives on a per-user basis.
>
> Alternatively, you can write an extension for Guacamole which derives
> connection parameter data however you like, including populating the
> "drive-path" parameter dynamically based on the user, some unique
> value generated for that session, etc.
>
> >
> > Data of the user should be deleted once the session is disconnected
> otherwise it will occupy whole lot of space  in the server [ where
> guacamole server runs ].
> >
>
> No, part of the point of Guacamole's virtual drive is that the data
> persists:
>
> http://guacamole.apache.org/doc/gug/using-guacamole.html#rdp-virtual-drive
>
> If you want data to be deleted after a user disconnects, you will need
> to implement that functionality outside of Guacamole or through an
> extension, though I really wouldn't recommend this. The Principle of
> Least Surprise being what it is, I don't imagine users being happy
> when their uploaded files mystically disappear.
>
> > It will definitely  cause the server down.
> >
>
> No. If you provide your users with storage space, it does not
> immediately follow that your server will go down.
>
> If you intend to provide your users with storage, such as that
> provided by Guacamole's virtual drive, and you are concerned that they
> may use up disk space, you will need to architect that storage such
> that this is not an issue. Use separate filesystems to hold the drive
> contents, not the root filesystem of your Guacamole server.
>
> >
> > Every user 's shared drive should not be same.
> >
>
> If you do not want the shared drive to be the same, it must be
> configured to be different. See above.
>
> > And we cannot assign 50 user different folder location every time.
> >
>
> You can, though for 5 users I'd recommend 5, not 50. You can do this
> automatically, through the "${GUAC_USERNAME}" token or through writing
> your own extension to handle this, or manually, through creating 5
> separate connections. I would recommend the automatic route.
>
> - Mike
>

Re: Same shared Drive redirected to all users : Privacy and Security breach

[Mike Jumper]

On Sat, Jan 6, 2018 at 10:58 AM, Amarjeet Singh  wrote:
>
> Hi Team,
>
> I have redirected shared drive on Windows server 2012 R 2. I have 5 users in 
> that machine.
>
> I have mapped this drive to one of the folder  of Centos 7 where guacamole 
> server runs.
>
> Now,  all the users are getting the same shared drive folder.
>

Sounds OK so far.

>
> It means one user can access files of  other users. It is very dangerous.
>
> It is breach of security and privacy as well.
>
> Is it any configuration I am missing ?
>

Guacamole will only do what you tell it to do. If you configure the
connection for each user to use the same drive directory, then each
user will have equivalent access to the contents of that directory. If
this is not what you want, then you need to tell Guacamole to do
something else.

The mechanism most users use to ensure that each user is given a
different drive directory are parameter tokens:

http://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens

You can use the "${GUAC_USERNAME}" token cause a parameter to vary by
the username, like the "drive-path" parameter. Together with the
"create-drive-path" parameter, this allows you to dynamically provide
separate drives on a per-user basis.

Alternatively, you can write an extension for Guacamole which derives
connection parameter data however you like, including populating the
"drive-path" parameter dynamically based on the user, some unique
value generated for that session, etc.

>
> Data of the user should be deleted once the session is disconnected otherwise 
> it will occupy whole lot of space  in the server [ where guacamole server 
> runs ].
>

No, part of the point of Guacamole's virtual drive is that the data persists:

http://guacamole.apache.org/doc/gug/using-guacamole.html#rdp-virtual-drive

If you want data to be deleted after a user disconnects, you will need
to implement that functionality outside of Guacamole or through an
extension, though I really wouldn't recommend this. The Principle of
Least Surprise being what it is, I don't imagine users being happy
when their uploaded files mystically disappear.

> It will definitely  cause the server down.
>

No. If you provide your users with storage space, it does not
immediately follow that your server will go down.

If you intend to provide your users with storage, such as that
provided by Guacamole's virtual drive, and you are concerned that they
may use up disk space, you will need to architect that storage such
that this is not an issue. Use separate filesystems to hold the drive
contents, not the root filesystem of your Guacamole server.

>
> Every user 's shared drive should not be same.
>

If you do not want the shared drive to be the same, it must be
configured to be different. See above.

> And we cannot assign 50 user different folder location every time.
>

You can, though for 5 users I'd recommend 5, not 50. You can do this
automatically, through the "${GUAC_USERNAME}" token or through writing
your own extension to handle this, or manually, through creating 5
separate connections. I would recommend the automatic route.

- Mike