guacamole-user mailing list archives

From Nick Couchman <vn...@apache.org>
Subject Re: guacd not starting on boot
Date Mon, 11 Mar 2019 13:10:46 GMT
On Mon, Mar 11, 2019 at 7:37 AM Robert Dinse <nanook@eskimo.com> wrote:

>
> /var/run is a tmpfs file system and recreated at each boot so changing
> the perms on it are gone on the next boot.  As for the encryption key, lots
> of things run as daemon, I don't want them all having access to the key.
>

Yes.  I addressed both of these issues in my previous e-mail:
- /var/run is managed by tmpfilesd on most systems where it is completely
temporary and that also run systemd.  So, you can put rules into
/etc/tmpfiles.d that create these files for you.
- You do not have to use the "daemon" user.  It was a convenient default
for the purposes of creating and distributing the systemd unit file, but
you can run guacd under any user account that you like.  Again, as already
mentioned, I generally create a "guac" user account and run both Tomcat and
guacd under that user account. This way I can 1) make sure neither guacd nor
Tomcat is running as root, and 2) that both have the necessary access to
the files and folders under /etc/guacamole that define the configuration
for Guacamole, including sensitive information like certificates/keys,
database username/password, etc.


>
>        At any rate, that's my suggestion for functionality.
>

Appreciated.  You're welcome to file a feature request in JIRA for this and
see where it goes.  The point is, it isn't required to get where you want
to go.


>
> I still have some other issues to work out but they're with my hosts
> not with guacamole.  I have sound working on debian and mint.  Have not been
> able to get it to work on ubuntu yet nor on any redhat derived system, I get
> connection refused from the pulseaudio port on those machines even after adding
> the suggested configuration change to /etc/pulse/default.pa.
>

RedHat has firewalld enabled and active by default, I believe, so it's
possible that's blocking something.  Not sure about Ubuntu.

-Nick
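
The two points in the reply above (a tmpfiles.d rule for the runtime directory, and guacd running under a dedicated account instead of "daemon"), as an added example that is not part of the original e-mail or of the Guacamole project's files. The unit name guacd.service, the /run/guacd directory and both file names are assumptions; the "guac" account and /etc/guacamole come from the message.

```shell
#!/bin/sh
# Assumed names, not from the thread: guacd.service, /run/guacd, both file names.

# write_guacd_files ROOT USER
# Writes the tmpfiles.d rule and the systemd drop-in under ROOT
# (ROOT="" on a live host as root, a scratch directory to preview).
write_guacd_files() {
    root=$1
    user=$2
    mkdir -p "$root/etc/tmpfiles.d" \
             "$root/etc/systemd/system/guacd.service.d" || return 1
    # tmpfiles.d fields: type path mode user group age.
    # The directory is recreated at every boot, since /var/run is tmpfs.
    printf 'd /run/guacd 0750 %s %s -\n' "$user" "$user" \
        > "$root/etc/tmpfiles.d/guacd.conf" || return 1
    # The drop-in overrides only User/Group; the shipped unit file stays as is.
    printf '[Service]\nUser=%s\nGroup=%s\n' "$user" "$user" \
        > "$root/etc/systemd/system/guacd.service.d/user.conf"
}

# world_accessible DIR
# Prints files under DIR that any local account can read, write or execute,
# e.g. keys or database credentials under /etc/guacamole.
world_accessible() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# Preview in a scratch directory (constructed paths, nothing on the host changes).
stage=$(mktemp -d) || exit 1
write_guacd_files "$stage" guac && find "$stage" -type f | sort

# On a live host, after writing with ROOT="":
#   systemd-tmpfiles --create /etc/tmpfiles.d/guacd.conf
#   systemctl daemon-reload && systemctl restart guacd
#   chown -R guac:guac /etc/guacamole && chmod -R o-rwx /etc/guacamole
```

An empty result from `world_accessible /etc/guacamole` means no other local account, including anything else running as "daemon", can read the configuration.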
