Hi Joachim, We use Guacamole with some customizations (code changes). The way we implemented it - the redirected folder is a per-session temporary folder, it has a unique name and it's deleted at the end of the session, so other users in RDP sessions (or even the same user from another session) can't see the files from within the session, but if someone gets access to the server with the right permissions they would get access to the files, this what we are trying to mitigate.
Thanks, Gabriel On Wed, 4 May 2022 at 17:59, Nick Couchman <[email protected]> wrote: > On Wed, May 4, 2022 at 10:44 AM Joachim Lindenberg > <[email protected]> wrote: > >> Hello Nick & Gabriel, >> >> before thinking about encryption, what is the user and authorization >> concept for that share? Can every user see and change all other users >> files? Or are the paths somehow distinct for all users, disallowing >> sharing? The doc only states, the guacd process needs to be able to >> read/write the directory, nothing else. >> > > It's important to understand that the access to the redirected folder is > done by the user running guacd. So, if you point all users to the same > exact folder in the redirection, everyone will have access to all of the > files. This can be mitigated in a couple of ways: > * Use tokens in Guacamole to point users to their own folders - > for example, the path in the redirection could be > /files/guacamole/${GUAC_USERNAME}, which means each user logging into > Guacamole (not necessarily the remote system) will have their own folder. > * Instead of using folder redirection, use SSH on a server with Samba > installed, so you can transparently share that folder both with the remote > system (via SMB) and with the Guacamole browser (via SSH). > > >> In fact I never enabled that drive, because I never understood and thus >> referred my users to using standard shares that support ACLs (and all the >> shares are ultimately protected by Bitlocker, as is my Guacamole setup as >> it runs on Hyper-V). >> > > Yes, folder redirection is different than a file share. > > >> >> >> Thanks for your answer Nick! >> >> It's not so clear to me how this can be implemented only on the remote >> server side since files are uploaded by Guacamole without any involvement >> of the remote server, unless it somehow monitors the folder and each time a >> new file is created it encrypts it immediately. >> >> I will look into it, thanks! >> > > Yeah, you're correct about that - it wouldn't work for the remote access > from Guacamole (the browser) to the remote server. So, there'd have to be > some additional work (coding) done to make it work for both the remote > system (server via RDP) and the web browser. > > -Nick >
