This is because you are storing recordings beneath a directory that you are
also using as the template for GUACAMOLE_HOME. When you set GUACAMOLE_HOME
within the Docker image, the container will attempt to make a copy of the
contents of that directory and then overlay any additional configuration
from environment variables on top of that. The file permissions
associated with recordings would prevent that from working. See:

https://guacamole.apache.org/doc/gug/guacamole-docker.html#custom-extensions-and-guacamole-home

You should separate the path intended for configuration from the path
intended for recordings. Besides running into trouble with the image's
GUACAMOLE_HOME templating, it is bad practice to use locations beneath /etc
for anything but configuration. The default value used by the session
recording playback extension ("/var/lib/guacamole/recordings") would be a
good choice:

https://guacamole.apache.org/doc/gug/recording-playback.html

- Mike

On Fri, Apr 21, 2023 at 8:03 AM Michael Hess <[email protected]>
wrote:

> I've upgraded to 1.5.1 and it fixed the printer issues with Ghostscript,
> thank you!!!!
>
> I can't get recordings working right though, they won't show in the log,
> and when I restart the docker containers, guacamole won't start until I
> remove all files/folders in the recording path. Here's my error:
>
> cp: cannot access '/etc/guacamole/./recordings/0a63c2ef-a236-3551-a860-82133f4abcdf': Permission denied
>
> On the Host Ubuntu server I've created users with the GUID of 1000,1001,
> and 1002, so those match the guacd and guacamole servers' user GUIDs.
>
> I've added all those users to a group "guac" and chmod'd the recordings
> folder to {admin account}:guac and files appear with the correct owner and
> group on the Host server.
>
> On the Host server, the folder is *~/configs/guac/recordings*.
>
> Here's my docker-compose.yml bits:
>
>   guacd:
>     env_file: .env
>     container_name: guacd
>     image: guacamole/guacd
>     restart: unless-stopped
>     networks:
>       - internal
>     volumes:
>       - '${BASEDIR}/guac/drive:/var/lib/guacamole/drive:rw'
>       - *'${BASEDIR}/guac/recordings:/var/lib/guacamole/recordings:rw'*
>
>   guacamole:
>     env_file: .env
>     container_name: guacamole
>     image: 'guacamole/guacamole:latest'
>     restart: unless-stopped
>     volumes:
>       - '${BASEDIR}/guac:/etc/guacamole'
>       - '${BASEDIR}/guac/server.xml:/usr/local/tomcat/conf/server.xml'
>     ports:
>       - '8080'
>     environment:
>       GUACD_HOSTNAME: "guacd"
>       EXTENSION_PRIORITY: "saml, *"
>       SKIP_IF_UNAVAILABLE: "saml"
>       GUACAMOLE_HOME: '/etc/guacamole'
>
>       MYSQL_HOSTNAME: "guacdb"
>       MYSQL_DATABASE: "${DB}"
>       MYSQL_USER: "${DBUSER}"
>       MYSQL_PASSWORD: "${DBPASS}"
> #      MYSQL_AUTO_CREATE_ACCOUNTS: "true"
> # Use this vs the above line if groups aren't specified narrowly in SAML/LDAP
>       MYSQL_USER_REQUIRED: "true"
>
> # Move SAML to primary config file
>       SAML_CALLBACK_URL: ""
>       SAML_IDP_METADATA_URL: ""
>       SAML_ENTITY_ID: ""
>       SAML_GROUP_ATTRIBUTE: ""
>       ADDITIONAL_GUACAMOLE_PROPERTIES: "saml-strict: false"
>
> #      LDAP_HOSTNAME: ""
> #      LDAP_PORT:
> #      LDAP_ENCRYPTION_METHOD: ""
>
> #      LDAP_USER_BASE_DN: ""
> #      LDAP_USERNAME_ATTRIBUTE: "sAMAccountName"
> #      LDAP_USER_SEARCH_FILTER: "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=***)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
>
> #      LDAP_SEARCH_BIND_DN: ""
> #      LDAP_SEARCH_BIND_PASSWORD: ""
>
> #      LDAP_GROUP_BASE_DN: ""
> #      LDAP_GROUP_NAME_ATTRIBUTE: "cn"
> #      LDAP_MEMBER_ATTRIBUTE: "member"
>
>       TOTP_ENABLED: 'false'
>
>       *RECORDING_SEARCH_PATH: "/var/lib/guacamole/recordings"*
>
>     depends_on:
>       - guacdb
>       - guacd
>     networks:
>       - internal
>
>
>
> Thank you for any advice!
>
> Michael
>
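
The separation described in the reply above, sketched against the quoted compose file as an added example (not from either poster and not from the Guacamole project). The host directory `${BASEDIR}/guac/config` is a hypothetical name, and mounting the recordings read-only into the web application container is an assumption about how the playback extension reaches the files.

```yaml
services:
  guacd:
    image: guacamole/guacd
    volumes:
      - '${BASEDIR}/guac/drive:/var/lib/guacamole/drive:rw'
      # guacd writes recordings here; this host path is no longer beneath
      # the directory used as the GUACAMOLE_HOME template.
      - '${BASEDIR}/guac/recordings:/var/lib/guacamole/recordings:rw'

  guacamole:
    image: 'guacamole/guacamole:latest'
    volumes:
      # Configuration only. "guac/config" is a hypothetical directory holding
      # just the files that belong in GUACAMOLE_HOME, so the startup copy of
      # the template never walks into drive/ or recordings/.
      - '${BASEDIR}/guac/config:/etc/guacamole'
      # Assumption: the web application only needs to read recordings for
      # playback, so the same host directory is mounted read-only at the
      # path RECORDING_SEARCH_PATH points to.
      - '${BASEDIR}/guac/recordings:/var/lib/guacamole/recordings:ro'
    environment:
      GUACAMOLE_HOME: '/etc/guacamole'
      RECORDING_SEARCH_PATH: "/var/lib/guacamole/recordings"
      # Remaining settings (database, SAML, networks, server.xml mount)
      # stay as in the quoted file.
```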
