Dear Yukiya, I solved this problem creating a volume redirection in my docker-compose.yml (relative to guacd container) to a folder that is owned by the UID of the guacd user in the guacd container. In the guacd container the UID of guacd user is 1000, so you should chown the directory to that UID (that, in your system, it could be the UID of a specific user that will be owner of that folder).
For any security concern, as that folder will be writable to the user that has UID 1000 in your server, it should be safe to change the UID of that user to another UID (and change subsequently all the permissions on the disk with find command) and reserve the UID 1000 to a user you can control. In my case I was lucky because UID 1000 is my non root user in that server. The same is applicable for the recordings folder. Regards Lorenzo Da: Yukiya Hayashi <[email protected]> Inviato: mercoledì 18 maggio 2022 03:44 A: [email protected] Oggetto: The "device redirection" feature in guacd-docker does not work since version 1.3.0 Hello everyone, I have a question. I have listed this question in the following Jira and was directed to ask this ML. https://issues.apache.org/jira/browse/GUACAMOLE-1609 ---- Background I am running Guacamole with Docker and using the "device redirection" feature on a Windows Server. After upgrading Guacamole from version 1.1.0 to 1.4.0, the "device redirection" function no longer works. What I investigated I have isolated the problem and found that there was no problem up to version 1.2.0 and the problem started with version 1.3.0. The cause appears to be that the user used in the container was changed from root to guacd starting with version 1.3.0. The guacd process seems to create a directory with the name of the target host in / in order to use "device redirection". Up to version 1.2.0, the directory was created without any problem because it was started as root user. However, since version 1.3.0, the "device redirection" does not seem to work because the directory cannot be created under / for the guacd user. Possible solutions I have the following two ideas, and I would like you to consider the latter approach if possible. § Make guacd startup user as root as it was up to version 1.2.0. § Change the path for the guacd process to create the "device redirection" directory to something appropriate (e.g. /tmp/ would be appropriate). Sample Logs The following is an excerpt from the log that occurred in my environment. I logged into the server "ADC01" and observed a permission error in the directory creation. > guacd[25]: ERROR: Unable to create directory "/ADC01": Permission denied ``` $ docker logs -f guacamole_guacd_1 guacd[6]: INFO: Guacamole proxy daemon (guacd) version 1.4.0 started guacd[6]: INFO: Listening on host 0.0.0.0, port 4822 guacd[6]: INFO: Creating new client for protocol "rdp" guacd[6]: INFO: Connection ID is "$b1cf7bda-715a-4085-8bfa-b60c7e4b7d58" guacd[8]: INFO: No security mode specified. Defaulting to security mode negotiation with server. guacd[8]: INFO: Resize method: none guacd[8]: INFO: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings. guacd[8]: INFO: User "@b2afdcc7-7073-462d-9832-2f33a77ae844" joined connection "$b1cf7bda-715a-4085-8bfa-b60c7e4b7d58" (1 users now present) guacd[8]: INFO: Loading keymap "base" guacd[8]: INFO: Loading keymap "en-us-qwerty" guacd[8]: INFO: Connected to RDPDR 1.12 as client 0x000c guacd[8]: INFO: Connected to RDPDR 1.12 as client 0x000b guacd[8]: INFO: RDPDR user logged on guacd[6]: INFO: Creating new client for protocol "rdp" guacd[6]: INFO: Connection ID is "$7180e9d2-3825-40d1-9548-175164f931b3" guacd[25]: INFO: No security mode specified. Defaulting to security mode negotiation with server. guacd[25]: INFO: Resize method: none guacd[25]: INFO: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings. guacd[25]: INFO: User "@0a9109ca-f92c-474c-a310-80aee889a0f8" joined connection "$7180e9d2-3825-40d1-9548-175164f931b3" (1 users now present) guacd[25]: ERROR: Unable to create directory "/ADC01": Permission denied ``` ---- Best, Yukiya Hayashi
