I guess the point I was trying to make about it not being a solution is that, as it stands right now, if you fire up the two docker images provided, you will not have a working solution that has the ability to record and view the recordings. Unless you happen to stumble across this conversation chain while debugging why the recordings aren’t showing up in the browser, you’re going to waste a couple hours just like I did figuring out that I need to modify the GIDs of the user account in one of the containers to match the other container.
What I’m suggesting is adding the user to the group directly in the Dockerfile so that people don’t have to go searching around for solutions to why their recordings aren’t showing up in the browser even though they created a directory with the correct permissions. Adding “RUN usermod --append --groups ubuntu guacamole” after the line https://github.com/apache/guacamole-client/blob/02058e7fc73b52a8dc0ef1176db81ff80dff9e15/Dockerfile#L94 would be all that is necessary to fix this. As for your first alternative solution you mentioned, the recording directory (typically created by the user and mounting into the container) is not the problem, it’s the directories within that directory that are created by guacd that is the problem, so that wouldn’t actually fix this. As for the second alternative solution, none of the devices I am running guacamole on currently have POSIX ACLs. -Nathaniel Belles > On Oct 5, 2024, at 18:57, Nathaniel Belles <[email protected]> wrote: > Hey all, > > I'm testing staging/1.6.0 and seem to be having an issue with recording > permissions where I am unable to see session recordings in the browser > without changing the permissions of every session folder and session file > created by guacamole-server. > > I have a recording folder that is visible to both guacamole-server and > guacamole-client with 777 permissions. When opening a session, I see > confirmation that a file was opened for recording in the logs for > guacamole-server. I am manually able to traverse the files outside of both > docker containers and see that the files from the session were created but > the session folder is created with 750 permissions and the recording files > are created with 640 permissions. If I do a simple `chmod -R o+rx > <session-id>` on the session recording folder to add back read execute > permission for "others", it immediately resolves the issue and I can see the > recordings in the browser again. If I look at the user id for the > guacamole-server docker container it is 1000 and the user id for the > guacamole-client container is 1001. I looked at the code differences between > staging/1.6.0 and 1.5.5 and it seems that some changes were made to the file > permissions for "others" when creating the folder and the recordings which I > suspect might be where this issue originates from. Would love to hear if any > others are experiencing this issue. Thanks! > > -Nathaniel Belles
