Run Guacamole-Server as Non-Root

Guacamole is a really good but sometimes difficult to debug software which proxies maintenance connections like RDP and VNC. However, I struggled a little bit to run the guacd (Guacamole Daemon) without being root.

Compile it (the normal way)

./configure --with-init-dir=/etc/init.d

sudo make

sudo make install

sudo ldconfig

Create User

sudo adduser guacuser

Warning: Depending on your settings this user might be able to login via SSH.

Create Configuration

touch /var/run/guacd.pid

sudo chown guacuser.guacuser /var/run/guacd.pid

Create the pid file and set the new user as owner

sudo mkdir /etc/guacamole

That's the standard place for your configurations

sudo chown guacuser.guacuser /etc/guacamole

Set the file permissions to the new user. And from now on, operate as the new user.

vi /etc/guacamole/guacd.conf

Here you can set the server properties, e.g. port or log_level, take a look at the documentation for more information.

Start the guacd daemon as non-root user

Start the daemon with your new user!

su guacuser

/etc/init.d/guacd start

Leave a Comment

comments powered by Disqus