You really shouldn't be running guacd or tomcat as root (or really anything
else you can avoid doing so on). Create service accounts for both and
run/permission them according to those accounts.

As mentioned, it's likely a good idea to set ownership and file permissions on
the tomcat/guacamole related directories to be as restrictive as you can
while still working.

Password hashing would be a good way to go. The /path/to/file method is
pointless...the idea with that is have a credential file with more strict
permissions (and usually a hidden file, aka .filename) than the file that
looks at it...you can just set the guac.properties to be that strict
instead.

Also, there are many other things you can do to help secure guacamole that
really make this a non-issue (from an outside threat perspective):

- Don't run things as root
- Don't allow root ssh (instead authorized users should need to su, sudo -i,
etc. if they need root...which should be very rare).
- Run behind a reverse proxy
- Properly configure HTTPS/SSL and enforce it.
- Use service accounts with no shell login, and when possible no home dir
for running services.
- Log access and usage. Monitor logs or at least periodically check.
- Backup, backup...and then backup some more. You can never have too many
backups. Scheduled, on site/off site, manual, etc. Test backups to make sure
you can get set back up.
- If available, use security features like SEL or AppArmor
- Use 2FA like TOTP
- Do NOT expose SSH or anything other than ports 80/443 to your server from
the outside world. If you must remotely access the server itself, use a VPN.
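
An audit check for two of the points above (restrictive ownership and permissions on the properties file, and service accounts with no shell login). This is an added example, not part of the original message; the account names, the sample passwd lines and the temporary stand-in file are constructed, and it assumes the file should be owned by the service account.

```python
import os
import stat
import tempfile

# Shells that refuse interactive login
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}

# Constructed /etc/passwd-format lines (hypothetical accounts)
SAMPLE_PASSWD = [
    "guacd:x:997:995::/nonexistent:/usr/sbin/nologin",
    "tomcat:x:998:996::/opt/tomcat:/bin/bash",
]

def audit_secret_file(path, service_uid):
    """Return findings for a file that holds credentials."""
    st = os.stat(path)
    findings = []
    if st.st_uid != service_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {service_uid}")
    # Any access for "other", or write access for group, is too loose.
    if st.st_mode & (stat.S_IRWXO | stat.S_IWGRP):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"{path}: mode {mode:04o} is too permissive")
    return findings

def audit_service_account(passwd_line):
    """Check one passwd-format line for a service account."""
    name, _pw, uid, _gid, _gecos, _home, shell = passwd_line.strip().split(":")
    findings = []
    if int(uid) == 0:
        findings.append(f"{name}: runs as uid 0 (root)")
    if shell not in NOLOGIN_SHELLS:
        findings.append(f"{name}: shell {shell} allows interactive login")
    return findings

def demo():
    """Run both checks on constructed inputs."""
    with tempfile.NamedTemporaryFile() as f:  # stand-in for the properties file
        os.chmod(f.name, 0o644)               # world-readable: flagged
        weak = audit_secret_file(f.name, os.getuid())
        os.chmod(f.name, 0o600)               # owner-only: clean
        fixed = audit_secret_file(f.name, os.getuid())
    accounts = [audit_service_account(line) for line in SAMPLE_PASSWD]
    return weak, fixed, accounts

if __name__ == "__main__":
    for group in demo():
        print(group)
```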
