RE: Permissions on screen capture recordings

Mon, 15 Jan 2018 11:59:42 -0800 

Aaron and Mike,
This may be an issue in the source for recording.c (line 83 and again for the 
naming retries):

    /* Attempt to open recording */
    int fd = open(basename, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);

man(2) for open states that if you use O_CREAT you must supply the mode 
parameter which will set the permissions. However, the fd that is returned may 
still work as a r/w—so the program functions but the permissions may not be 
correct. For reference: http://man7.org/linux/man-pages/man2/open.2.html 
Perhaps this should be changed to open(3) with the intended mode_t supplied. I 
hesitate to even suggest this because I would have expected it to be a problem 
for more people if it’s actually the case.
Using docker on windows they get created as rwxr-xr-x but that is a 
docker/windows concern (I think) so I’m unable to reproduce this behavior.

-Ryan

From: Aaron Newsome [mailto:aaron.news...@gmail.com]
Sent: Monday, January 15, 2018 2:27 PM
To: Mike Jumper <mike.jum...@guac-dev.org>
Cc: user@guacamole.apache.org
Subject: Re: Permissions on screen capture recordings

I've resolved the issue with the file permissions on the recordings. I still 
think the cleanest way to playback the recordings, is for the files to be 
written with permissions that allow them to be read but I also realize that not 
everyone would want this. The most restrictive permissions on the session 
recordings is probably the best default for most users.

What I've done on my Guacamole server is to create a webpage that allows me to 
browse the recordings. When the webpage is loaded, it scans the directory that 
contains the recordings and checks the permissions on each recording file. If 
the permissions are 600, it changes them to 666. The webpage contains a link 
for each session recording to launch the player.

This is a workable solution for me, so no need to track down how to write the 
recordings with 666 permissions.

Thanks, Aaron

On Sun, Jan 14, 2018 at 4:24 PM, Mike Jumper 
<mike.jum...@guac-dev.org<mailto:mike.jum...@guac-dev.org>> wrote:
On Jan 14, 2018 16:19, "Aaron Newsome" 
<aaron.news...@gmail.com<mailto:aaron.news...@gmail.com>> wrote:
Hello guys. I've noticed that the permissions on recordings are 600. How would 
I go about changing that?

Can you provide any background on the need for such a change?

- Mike

Reply via email to