guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <>
Subject Re: Same shared Drive redirected to all users : Privacy and Security breach
Date Sun, 07 Jan 2018 13:54:55 GMT
On Sat, Jan 6, 2018 at 3:21 PM, Mike Jumper <>

> On Sat, Jan 6, 2018 at 12:10 PM, Amarjeet Singh <>
> wrote:
>> Hi Mike,
>> Use separate filesystems to hold the drive
>> contents,  not the root filesystem of your Guacamole server.
>> If I have 500 users then I can't have separate file system for each one
>> of them on the same  machine where guacamole server runs [ centos 7 ] .
> Can't or won't? ;)
> If you wanted to, you probably actually could do this (write an extension
> to dynamically create a temporary filesystem on a per-connection basis
> which is cleaned up upon disconnect), but I meant that you could create a
> single separate file system to isolate the overall base for all users'
> drives. If a number of users end up using way too much space, then the
> damage is limited to just RDP drive usage, and the rest of your server is
> unaffected.
...and this should be pretty easy to manage with some of the newer
filesystems - ZFS or btrfs, for example, allow for sub-volumes and quotas
per-volume, per-user, and/or per-group.  So, it should be relatively
straight-forward to create a filesystem or volume that has home directories
for each user and that can be passed using the ${GUAC_USERNAME} token, as
Mike mentioned,

Alternatively, if you make the user directories available via SFTP (e.g. on
another Linux fileserver) you can enable SFTP support, use AD domain
authentication on the Linux server, and enable SFTP on the connection using
the same username/password (tokens, for example) as they are using to log
into the connection.

Point is...there are many ways to accomplish what you are trying to do with
minimal administrative burden.


View raw message