guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <>
Subject Re: Same shared Drive redirected to all users : Privacy and Security breach
Date Sat, 06 Jan 2018 20:21:55 GMT
On Sat, Jan 6, 2018 at 12:10 PM, Amarjeet Singh <>

> Hi Mike,
> Use separate filesystems to hold the drive
> contents,  not the root filesystem of your Guacamole server.
> If I have 500 users then I can't have separate file system for each one of
> them on the same  machine where guacamole server runs [ centos 7 ] .
Can't or won't? ;)

If you wanted to, you probably actually could do this (write an extension
to dynamically create a temporary filesystem on a per-connection basis
which is cleaned up upon disconnect), but I meant that you could create a
single separate file system to isolate the overall base for all users'
drives. If a number of users end up using way too much space, then the
damage is limited to just RDP drive usage, and the rest of your server is

You can use the "${GUAC_USERNAME}" token cause a parameter to vary by
>> the username, like the "drive-path" parameter. Together with the
>> "create-drive-path" parameter, this allows you to dynamically provide
>> separate drives on a per-user basis.
>  where exactly I have to do ? Where do I have to change this or add ${GUAC_USERNAME}.
> Is it in Javascript or Java.
Neither - it's connection configuration data. You would specify it for the
"drive-path" parameter of the connection in question. If you're using the
web interface to manage your connections, this is the connection parameter
labeled "Drive path". For example, instead of:


you would specify:


When a user attempts to connect using that connection, their username will
be automatically substituted. Read through the "parameter tokens" section
of the part of the manual covering connection configuration - it should be
relatively clear:

- Mike

View raw message