guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mike.jum...@guac-dev.org>
Subject Re: Same shared Drive redirected to all users : Privacy and Security breach
Date Sat, 06 Jan 2018 19:20:36 GMT
On Sat, Jan 6, 2018 at 10:58 AM, Amarjeet Singh <amarjeetxc@gmail.com> wrote:
>
> Hi Team,
>
> I have redirected shared drive on Windows server 2012 R 2. I have 5 users in that machine.
>
> I have mapped this drive to one of the folder  of Centos 7 where guacamole server runs.
>
> Now,  all the users are getting the same shared drive folder.
>

Sounds OK so far.

>
> It means one user can access files of  other users. It is very dangerous.
>
> It is breach of security and privacy as well.
>
> Is it any configuration I am missing ?
>

Guacamole will only do what you tell it to do. If you configure the
connection for each user to use the same drive directory, then each
user will have equivalent access to the contents of that directory. If
this is not what you want, then you need to tell Guacamole to do
something else.

The mechanism most users use to ensure that each user is given a
different drive directory are parameter tokens:

http://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens

You can use the "${GUAC_USERNAME}" token cause a parameter to vary by
the username, like the "drive-path" parameter. Together with the
"create-drive-path" parameter, this allows you to dynamically provide
separate drives on a per-user basis.

Alternatively, you can write an extension for Guacamole which derives
connection parameter data however you like, including populating the
"drive-path" parameter dynamically based on the user, some unique
value generated for that session, etc.

>
> Data of the user should be deleted once the session is disconnected otherwise it will
occupy whole lot of space  in the server [ where guacamole server runs ].
>

No, part of the point of Guacamole's virtual drive is that the data persists:

http://guacamole.apache.org/doc/gug/using-guacamole.html#rdp-virtual-drive

If you want data to be deleted after a user disconnects, you will need
to implement that functionality outside of Guacamole or through an
extension, though I really wouldn't recommend this. The Principle of
Least Surprise being what it is, I don't imagine users being happy
when their uploaded files mystically disappear.

> It will definitely  cause the server down.
>

No. If you provide your users with storage space, it does not
immediately follow that your server will go down.

If you intend to provide your users with storage, such as that
provided by Guacamole's virtual drive, and you are concerned that they
may use up disk space, you will need to architect that storage such
that this is not an issue. Use separate filesystems to hold the drive
contents, not the root filesystem of your Guacamole server.

>
> Every user 's shared drive should not be same.
>

If you do not want the shared drive to be the same, it must be
configured to be different. See above.

> And we cannot assign 50 user different folder location every time.
>

You can, though for 5 users I'd recommend 5, not 50. You can do this
automatically, through the "${GUAC_USERNAME}" token or through writing
your own extension to handle this, or manually, through creating 5
separate connections. I would recommend the automatic route.

- Mike

Mime
View raw message