On Tue, Feb 18, 2020, 00:32 jacotec <[email protected]> wrote: > OK, I found the issue for me and was able to fix it - maybe it'll help > others > with the same issue: > > I found this line in the syslog: > > Feb 18 08:06:32 guacamole guacd[11765]: guacd[11785]: WARNING:#011FreeRDP > initialization may fail: The current user's home directory ("/usr/sbin") is > not writable, but FreeRDP generally requires a writable home directory for > storage of configuration files and certificates. > > The service file which guacd creates at build runs guacd as the user > "daemon" which does not seem to have a writable home directory. As "useradd > -m damon" did not help to create a homedir for "daemon" I have changed the > user from "daemon" to "root" in /etc/systemd/system/guacd.service, then > "systemctl daemon reload" and "service guacd restart". > > RDP works fine now :-) > > It seems that either freerdp2 needs a writable homedir now, or the build > process of guacd has changed with 1.1.0 so that the service file now runs > guacd as user "daemon". >
Yes, freerdp2 needs a writable home directory: https://guacamole.apache.org/releases/1.1.0/#freerdp-200-requires-a-writable-home-directory No, guacd has not changed to run as "daemon", but the systemd unit that is part of the guacamole-server source specifies this and will not work correctly on a system where "daemon" does not have a writable home directory. If someone has a more elegant fix than running guacd as "root", please feel > free to comment ... Create a reduced-privilege user with a writable home directory. Use that user for the service. Only grant that user the permissions needed for guacd-related tasks (saving screen recordings, writing to RDPDR drives, etc.). with my solution I guess I need to edit the service file > again after each update. You don't need to update the service file each time you build. Such a file is specific to your environment, as it is you that will be defining the user account. You can use it until you have a reason to change it. It is unlikely you will ever need to change it due to an update. - Mike
