On Thu, Jul 12, 2018 at 9:36 AM, Erik Berndt <[email protected]> wrote:
>> Your best option is to set filesystem permissions appropriately such that
>> only Guacamole can read guacamole.properties.
>
> I had a similar thought a few months ago and this is your best bet. Yes,
> the password is stored in plain text on a publicly available server, but
> it's not being transmitted externally, so locking it down should be
> sufficient. We use smtp relay on a couple of servers and have the config
> files storing the credentials set to 644. I just checked and
> guacamole.properties is set to 604, which from what I can recall was the
> most restrictive mode without the service becoming inaccessible.
>
In general, I'd recommend creating a group specific to Guacamole (like "guacamole"), adding the Tomcat user to that group, and ensuring guacamole.properties is owned by "root:guacamole" with 640 permissions (read/write for root, read-only to guacamole, unreadable to all others). That should lock things down nicely.

- Mike
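The group-based lockdown described in the reply above, written out as a shell script. This is an added example, not code from the thread or from the Guacamole project. It assumes the Tomcat service account is named `tomcat`, the dedicated group is `guacamole`, and the file lives at `/etc/guacamole/guacamole.properties` (all overridable via environment variables); the `check_props_perms` function is a constructed helper that verifies the result, rejecting any mode that leaves the file world-readable (so both the 644 and the 604 mentioned earlier in the thread fail the check) or group-writable.

```shell
#!/bin/sh
# Added example (not from the thread or the Guacamole project): restrict
# guacamole.properties to root and the Tomcat service account via a group.
# Assumed defaults, adjust for your distribution:
TOMCAT_USER="${TOMCAT_USER:-tomcat}"
GUAC_GROUP="${GUAC_GROUP:-guacamole}"
GUAC_PROPS="${GUAC_PROPS:-/etc/guacamole/guacamole.properties}"

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Name of the group owning a file.
file_group() {
  stat -c '%G' "$1" 2>/dev/null || stat -f '%Sg' "$1"
}

# Return 0 when the file is no more permissive than 640: "other" has no
# access at all and the group cannot write. An optional second argument
# is the group name the file must be owned by.
check_props_perms() {
  mode=$(file_mode "$1") || return 1
  others=${mode#"${mode%?}"}        # last octal digit: other
  rest=${mode%?}
  grp=${rest#"${rest%?}"}           # second-to-last octal digit: group
  [ "$others" = "0" ] || return 1   # 644, 604, 640+o etc. all fail here
  [ $(( grp & 2 )) -eq 0 ] || return 1   # group write bit must be clear
  if [ -n "${2:-}" ]; then
    [ "$(file_group "$1")" = "$2" ] || return 1
  fi
  return 0
}

# Apply the procedure from the thread. Must run as root.
harden_props() {
  getent group "$GUAC_GROUP" >/dev/null 2>&1 || groupadd "$GUAC_GROUP"
  usermod -aG "$GUAC_GROUP" "$TOMCAT_USER"
  chown "root:$GUAC_GROUP" "$GUAC_PROPS"
  chmod 640 "$GUAC_PROPS"
  check_props_perms "$GUAC_PROPS" "$GUAC_GROUP"
}

# Usage: ./harden-guac.sh apply   (as root)   or   ./harden-guac.sh check
case "${1:-}" in
  apply) harden_props ;;
  check)
    if check_props_perms "$GUAC_PROPS" "$GUAC_GROUP"; then
      echo "ok: $GUAC_PROPS is root:$GUAC_GROUP and not world-readable"
    else
      echo "FAIL: $GUAC_PROPS is too permissive or has the wrong group" >&2
      exit 1
    fi
    ;;
esac
```

Group membership added with `usermod -aG` only takes effect for new processes, so Tomcat has to be restarted after `apply` before it can read the file; running `check` afterwards confirms the mode and group without touching anything.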
