guacamole-user mailing list archives

From Robert Dinse <nan...@eskimo.com>
Subject Re: guacd not starting on boot
Date Mon, 11 Mar 2019 03:04:45 GMT

      Ok, rebuilt with the correct --with-systemd-dir=/lib/systemd/system and
now I had more problems.  Launched out of init.d it ran as root, launched out
of systemd, the unit file it created has User=daemon so it runs as daemon.
Problem with that is only root has access to /var/run and to the encryption key
file so I changed it back to root despite that being less secure.

      Lastly it still failed because it tried to start before /misc was mounted
which is where the key file was so I modified the unit file line:

After=network.target

    to:

After=network.target misc.mount

     /misc is the file system where I have the encryption certs and keys.

     Now it starts properly after a reboot.  Downside, as with when it ran
out of /etc/init.d, it is running as root which from a security perspective
is undesirable.

     What guacd should have is an item that goes into guacd.conf for user and
group so it can start as root, write the pid file and read the necessary
cert and key files, and then switch to said user and group just like Apache
httpd and tomcat do.

     Then it could be both secure and functional.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
  Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
    Knowledgeable human assistance, not telephone trees or script readers.
  See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Sun, 10 Mar 2019, Nick Couchman wrote:

> Date: Sun, 10 Mar 2019 21:09:14 -0400
> From: Nick Couchman <vnick@apache.org>
> Reply-To: user@guacamole.apache.org
> To: user@guacamole.apache.org
> Subject: Re: guacd not starting on boot
> 
> On Sun, Mar 10, 2019 at 8:07 PM Robert Dinse <nanook@eskimo.com> wrote:
>
>>
>>       I have guacd installed, built with the --with-systemd flag and it does
>> not install a systemd file but an initd file which systemd recognizes and
>> says it installs however, while systemctl start guacd works fine and
>> systemctl enable guacd indicates it did the right thing, it does not start
>> upon boot, I have to manually start it.  Because some of the things it uses
>> are on NFS partitions, I suspect it's trying to start before NFS is up and
>> failing.
>>
>>
> A couple of notes:
> - The "--with-systemd" flag is not valid.  The flag is
> "--with-systemd-dir=<directory>", where directory is the location where
> you'd like the systemd files installed.  Can you please verify if that's
> the flag you're using, and if you're specifying a directory, like
> /etc/systemd/system or /usr/lib/systemd/system?
> - Have you tried removing the initd file, reloading systemd (systemctl
> daemon-reload) and seeing if the systemd unit then references the unit file
> (assuming it's actually being installed)?
> - If you have guacd running in a situation where NFS is required for guacd
> to start you're going to have to make some modifications to either the
> initd script or the systemd script.  It sounds like, in this case, that the
> issue is not with either the guacd initd or systemd files, but with a
> customized environment you have.  That's fine - we certainly don't expect
> every environment to follow the ones we're used to; however, you may have
> to do a little tweaking to the scripts to make them wait for NFS to be up
> before starting guacd, if guacd is on a NFS share.  I would suspect even if
> you get the systemd script to install that you'll still have the same
> issue, because the standard systemd unit file we provide does not require
> NFS to be up.  Fortunately, those changes should be relatively trivial to
> either the initd script or the systemd unit file.
>
> -Nick
>
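
Added example, not part of the original message or of the Guacamole project's own files: a systemd drop-in that keeps the generated unit's User=daemon while handling the two failures described above (the start before /misc is mounted, and the unprivileged account's lack of access to the PID file location and the key). It assumes the unit is named guacd.service; the group name guacd-tls, the /run/guacd PID path and the key-file path are hypothetical placeholders.

```ini
# /etc/systemd/system/guacd.service.d/override.conf
# Apply with: systemctl daemon-reload && systemctl restart guacd

[Unit]
# Adds both Requires= and After= on the mount unit(s) for this path
# (misc.mount in the message above). Unlike After=misc.mount alone,
# guacd is not started at all if /misc fails to mount.
RequiresMountsFor=/misc

[Service]
# Stay on the unprivileged account the generated unit already uses.
User=daemon

# Hypothetical group whose only purpose is read access to the TLS key.
# One-time setup as root (placeholder path, adjust to the real key):
#   groupadd --system guacd-tls
#   chgrp guacd-tls /misc/<path-to>/server.key
#   chmod 0640      /misc/<path-to>/server.key
Group=guacd-tls

# systemd creates /run/guacd owned by User=/Group= before ExecStart and
# removes it on stop, so the service never needs to write to /var/run
# itself. If guacd.conf sets a PID file, point it here, for example:
#   [daemon]
#   pid_file = /run/guacd/guacd.pid
RuntimeDirectory=guacd
RuntimeDirectoryMode=0750
```

After a restart, `systemctl show guacd -p User,Group,RequiresMountsFor` confirms the drop-in was merged, and `ps -o user,group,cmd -C guacd` shows the account the process actually runs under.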
