On Mon, Mar 11, 2019 at 7:37 AM Robert Dinse <[email protected]> wrote:
> /var/run is a tmpfs file system and recreated at each boot so changing
> the perms on it are gone on the next boot. As for the encryption key, lots
> of things run as daemon, I don't want them all having access to the key.

Yes. I addressed both of these issues in my previous e-mail:

- /var/run is managed by tmpfilesd on most systems where it is completely temporary and that also run systemd. So, you can put rules into /etc/tmpfiles.d that create these files for you.
- You do not have to use the "daemon" user. It was a convenient default for the purposes of creating and distributing the systemd unit file, but you can run guacd under any user account that you like. Again, as already mentioned, I generally create a "guac" user account and run both Tomcat and guacd under that user account. This way I can 1) make sure neither guacd nor Tomcat are running as root, and 2) that both have the necessary access to the files and folders under /etc/guacamole that define the configuration for Guacamole, including sensitive information like certificates/keys, database username/password, etc.

> At any rate, that's my suggestion for functionality.

Appreciated. You're welcome to file a feature request in JIRA for this and see where it goes. The point is, it isn't required to get where you want to go.

> I still have some other issues to work out but they're with my hosts
> not with guacamole. I have sound working on debian and mint. Have not
> been able to get it to work on ubuntu yet nor on any redhat derived system,
> I get connection refused from the pulseaudio port on those machines even
> after adding the suggested configuration change to /etc/pulse/default.pa.

RedHat has firewalld enabled and active by default, I believe, so it's possible that's blocking something. Not sure about Ubuntu.

-Nick
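
The two suggestions in the reply above (a tmpfiles.d rule and a dedicated service account) as an added sketch; it is not part of the original message or of the Guacamole project's files. The user name "guac" is from the message, while the runtime directory /run/guacd, the unit name guacd.service and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed names: runtime directory /run/guacd, unit
# guacd.service, helper functions stage_guacd_files and audit_conf_dir.

# stage_guacd_files DESTDIR [USER]
# Writes the tmpfiles.d rule and a systemd drop-in under DESTDIR so they can
# be reviewed before being copied into / as root.
stage_guacd_files() {
    dest=$1; user=${2:-guac}
    mkdir -p "$dest/etc/tmpfiles.d" \
             "$dest/etc/systemd/system/guacd.service.d" || return 1
    # tmpfiles.d fields: type path mode user group age.
    # The directory is recreated with these permissions on every boot.
    printf 'd /run/guacd 0750 %s %s -\n' "$user" "$user" \
        > "$dest/etc/tmpfiles.d/guacd.conf"
    # The drop-in replaces the unit's default "daemon" account.
    printf '[Service]\nUser=%s\nGroup=%s\n' "$user" "$user" \
        > "$dest/etc/systemd/system/guacd.service.d/user.conf"
}

# audit_conf_dir DIR USER
# Prints every entry under DIR that is not owned by USER or that grants any
# permission to "other"; returns 1 if anything was printed.
audit_conf_dir() {
    dir=$1; user=$2
    found=$(find "$dir" \( ! -user "$user" \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

After the staged files are installed, `audit_conf_dir /etc/guacamole guac` lists anything under the configuration directory that accounts other than the service user could still read.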
