guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Underwood <r...@greymarketlabs.com>
Subject RE: Permissions on screen capture recordings
Date Tue, 16 Jan 2018 14:11:22 GMT
That's what I get for digging up a man page. I misread the mode requirement as calling for
open(3) vs using the status flags in open(2). It did seem unlikely that it would be working
so universally if that were the case.

To Aaron's original question to get permissions other than 600: changing the flags in recording.c
and recompiling guacd should give you whatever permissions you're looking for. Alternatively,
Docker on Windows is much more generous with default permissions, at least in a shared volume
mounted inside the container.

-Ryan

Sent from my Android phone using TouchDown (www.symantec.com)

-----Original Message-----
From: Mike Jumper [mike.jumper@guac-dev.org]
Received: Tuesday, 16 Jan 2018, 12:02AM
To: user@guacamole.apache.org [user@guacamole.apache.org]
Subject: Re: Permissions on screen capture recordings

On Mon, Jan 15, 2018 at 11:59 AM, Ryan Underwood <ryan@greymarketlabs.com<mailto:ryan@greymarketlabs.com>>
wrote:
Aaron and Mike,
This may be an issue in the source for recording.c (line 83 and again for the naming retries):

    /* Attempt to open recording */
    int fd = open(basename, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);

man(2) for open states that if you use O_CREAT you must supply the mode parameter which will
set the permissions. However, the fd that is returned may still work as a r/w—so the program
functions but the permissions may not be correct. For reference: http://man7.org/linux/man-pages/man2/open.2.html
Perhaps this should be changed to open(3) with the intended mode_t supplied. I hesitate to
even suggest this because I would have expected it to be a problem for more people if it’s
actually the case.

The mode is specified there, actually. Things probably blur together a bit, but there are
indeed three parameters there. That last parameter, S_IRUSR | S_IWUSR, is the symbolic way
to represent mode 0600.

Using docker on windows they get created as rwxr-xr-x but that is a docker/windows concern
(I think) so I’m unable to reproduce this behavior.

My suspicion is that Windows is ignoring the specified value, that the underlying filesystem
doesn't support UNIX-style file permissions, or that something else at the system level is
overriding things back to 0755.

- Mike


Mime
View raw message