BTW, the recommend method of preparing a directory for recording storage
for both guacd and Guacamole is to create a directory that:
1) Is owned by the "guacd" user.
2) Is owned by the group that Tomcat runs with.
3) Has the "setgid" bit set (such that recordings placed within this
directory will automatically be readable by the group used by Tomcat).
This way, both guacd and the Guacamole webapp can operate with their own
distinct and reduced privileges.
See:
https://guacamole.apache.org/doc/gug/recording-playback.html#preparing-a-directory-for-recording-storage
- Mike
On 8/5/2023 10:58 AM, Maciej Konigsman wrote:
Yes, this was the problem.
guacd user has ID 1000 but guacamole user - 1001.
Thanks for your help!
Maciek
On Sat, 5 Aug 2023 at 18:44, Michael Jumper <[email protected]
<mailto:[email protected]>> wrote:
If you use "docker exec" to start a shell within the guacamole
container, and you take a look at the path specified as the recording
path, how do things look now? What file permissions and ownerships does
the guacamole container see? Do you see the recordings present on the
filesystem and readable by the "guacamole" group? What about the
directories leading up to the recordings?
- Mike
On 8/4/23 23:43, Maciej Konigsman wrote:
> This was exactly the problem. Thanks for the hint.
> I had a volume /record mounted in guacd but I was missing it in
guacamole.
> I can now see recording and typescript files being created.
> image.png
>
> However, there isn't a link to the recording under history/logs. No
> error in guacd or guacamole container logs.
> image.png
>
> On Fri, 4 Aug 2023 at 14:54, Nick Couchman <[email protected]
<mailto:[email protected]>
> <mailto:[email protected] <mailto:[email protected]>>> wrote:
>
> On Fri, Aug 4, 2023 at 8:33 AM Maciej Konigsman
> <[email protected]> wrote:
> >
> > Hello,
> >
> > I'm running Guacamole in containers (version 1.5.3).
> > I can't make work sessions recording.
> > I enabled recording extension
> (guacamole-history-recording-storage-1.5.3.jar) by setting
env var
> RECORDING_SEARCH_PATH in guacamole/guacamole container. The other
> recording parameters are not implemented in the start.sh script.
> >
> > So, I see that the extension is loaded but the sessions
are not
> recorded.
> > 16:26:32.049 [localhost-startStop-1] INFO
> o.a.g.extension.ExtensionModule - - [recording-storage] "Session
> Recording Storage"
>
(/home/guacamole/.guacamole/extensions/guacamole-history-recording-storage-1.5.3.jar)
> >
> > I configured the sessions recording with variables and a
literal
> path. Both don't work.
> >
> >
> >
> > I even updated the start.sh script to include other recording
> parameters but without success.
> > Here are parameters configured in guacamole.properties file:
> >>
> >> recording-search-path: /home/guacamole/recordings
> >> recording-path: /home/guacamole/recordings
> >> create-recording-path: true
> >> recording-include-keys: true
> >
> >
> > Any idea what might be wrong?
>
> It sounds like you're running in Docker containers? There are
several
> things to be aware of with the recording extension, and they
become a
> little more complex when using containers:
> * The actual recording of the sessions is done by guacd (if
you're
> using containers, the guacamole/guacd) container. So, the guacd
> container, and the user/UID under which it is running, will
need write
> access to the path where you want to store the recordings.
> * The display of the recordings in the Guacamole web
interface is done
> by Guacamole Client (the guacamole/guacamole container). So, this
> container, and the user/UID under which it is running, will
need read
> access to the path where you have stored the recordings.
> * If you're using containers, you'll need to have a shared
location
> that both the guacamole/guacd and guacamole/guacamole
containers can
> access. This is generally done by specifying a volume for both
> containers to use, and mounting that volume at the same
location on
> both containers. You'll also need to make sure the security
of that
> volume/location is such that 1) guacd can write files, and 2)
> guacamole can read the files.
>
> -Nick
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
<mailto:[email protected]>
> <mailto:[email protected]
<mailto:[email protected]>>
> For additional commands, e-mail:
[email protected] <mailto:[email protected]>
> <mailto:[email protected]
<mailto:[email protected]>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
<mailto:[email protected]>
For additional commands, e-mail: [email protected]
<mailto:[email protected]>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
