On Fri, Sep 15, 2023 at 4:17 PM Holderby, Brandon <[email protected]>
wrote:
> I believe recordings are going (seen in his screenshot)
>
>
>
> I want to say the “owner” of the recording path needs to be “tomcat”,
> maybe someone can correct me if I am wrong.
>
No, the owner does not need to be tomcat, but the following two things must
be true:
* The user account under which guacd is running must have
read/write/execute access to the folder where the recordings are stored.
Since guacd does the actual recording of the session, it needs to be able
to write the files. This also means it will need the appropriate access to
the folders above where the recording folder is located - at least execute,
to be able to traverse the folder structure.
* The user account under which Tomcat (or JBoss, etc.) is running must have
read access to the folder and files where the recordings are stored, as the
extension that enumerates those recordings is part of the web application.
This means that the folder access must be appropriate, but also that the
recording files created by guacd must be created with a mode that allows
the Tomcat user to read them.
At least one way to accomplish this, assuming that guacd and Tomcat are
running on the same system, is to:
* Create a UNIX group ("guacamole", for example).
* Add the user running guacd to the "guacamole" group.
* Add the user running Tomcat to the "guacamole" group.
* Make sure ownership of the recording folder is set to the guacd user and
"guacamole" group.
* Make sure the mode of the recording folder is set to at least 0750
(read/write/execute for guacd user, read/execute for "guacamole" group).
* Make sure that the mode of the recording files is at least 0640
(read/write for user guacd user, read for "guacamole" group).
-Nick
>
