On Sat, Jan 6, 2018 at 10:58 AM, Amarjeet Singh <amarjee...@gmail.com> wrote: > > Hi Team, > > I have redirected shared drive on Windows server 2012 R 2. I have 5 users in > that machine. > > I have mapped this drive to one of the folder of Centos 7 where guacamole > server runs. > > Now, all the users are getting the same shared drive folder. >
Sounds OK so far. > > It means one user can access files of other users. It is very dangerous. > > It is breach of security and privacy as well. > > Is it any configuration I am missing ? > Guacamole will only do what you tell it to do. If you configure the connection for each user to use the same drive directory, then each user will have equivalent access to the contents of that directory. If this is not what you want, then you need to tell Guacamole to do something else. The mechanism most users use to ensure that each user is given a different drive directory are parameter tokens: http://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens You can use the "${GUAC_USERNAME}" token cause a parameter to vary by the username, like the "drive-path" parameter. Together with the "create-drive-path" parameter, this allows you to dynamically provide separate drives on a per-user basis. Alternatively, you can write an extension for Guacamole which derives connection parameter data however you like, including populating the "drive-path" parameter dynamically based on the user, some unique value generated for that session, etc. > > Data of the user should be deleted once the session is disconnected otherwise > it will occupy whole lot of space in the server [ where guacamole server > runs ]. > No, part of the point of Guacamole's virtual drive is that the data persists: http://guacamole.apache.org/doc/gug/using-guacamole.html#rdp-virtual-drive If you want data to be deleted after a user disconnects, you will need to implement that functionality outside of Guacamole or through an extension, though I really wouldn't recommend this. The Principle of Least Surprise being what it is, I don't imagine users being happy when their uploaded files mystically disappear. > It will definitely cause the server down. > No. If you provide your users with storage space, it does not immediately follow that your server will go down. If you intend to provide your users with storage, such as that provided by Guacamole's virtual drive, and you are concerned that they may use up disk space, you will need to architect that storage such that this is not an issue. Use separate filesystems to hold the drive contents, not the root filesystem of your Guacamole server. > > Every user 's shared drive should not be same. > If you do not want the shared drive to be the same, it must be configured to be different. See above. > And we cannot assign 50 user different folder location every time. > You can, though for 5 users I'd recommend 5, not 50. You can do this automatically, through the "${GUAC_USERNAME}" token or through writing your own extension to handle this, or manually, through creating 5 separate connections. I would recommend the automatic route. - Mike
