I have a new Xserve running 10.5.7. I'm creating a server in which
users will SSH into it exclusively. Other than X11, there will be no
GUI access (no console, no RD, no VNC, etc). They are running some
custom Perl programs on the Xserve. All data is stored on external
volumes. User accounts live in AD.

When a new user requests access to the Xserve, I run the script which
does 3 things:

1) Make a new home directory in /Volumes/SAN/Users/<$new_user>
   (Note: this is not the default location for user home directories.)
2) Populate it with subfolders from the user template in
   /System/Library/User Template (I'm putting things in here that all my
   users will need, like a custom .bash_profile, a special ~/mnt
   directory, etc)
3) Change the ownership permissions on the new home dir so the new
   user can access it.

I'm not creating the user accounts in the Accounts Pref pane at all. I'm
doing it with scripts. I don't even know the users' passwords, I'm just
creating a home folder. My user information comes from Active
Directory. I don't need to keep user passwords and user records on the
Xserve. All of this info is stored in AD, and of course the Xserve is
bound to AD. Managed Mobile accounts are disabled. Other than the root
account and a local admin account, there are no user records on this
Xserve at all.

Here's my main concern: As indicated above in Step 1, I plan to put the
users' home dirs on a SAN volume, rather than the local boot volume. I
have changed this path in the Accounts GUI pane before, but I don't
know how to tell OS X that all ssh users will need to have their homes
in /Volumes/SAN/Users rather than /Users. I assume this must be done
in DSCL or in some other config file?

My scripts are not interacting with DSCL and thus the home dirs I'm
creating don't show up in the Accounts system preference pane. I don't
see a problem with this. Should I care that the Accounts pane doesn't
see the homes?

Has anyone else ever created a similar workflow for home dir creation?
Should there be an additional step 4 above that talks to DSCL or tells
Mac OS X where these users' homes will live? I'd prefer to keep the
local admin account in /Users (so I can log in as the admin even when
the SAN is not mounted, etc).

Do I need to do anything else? Are there any gotchas to doing it this
way? Is there anything I need to do in DSCL to provision the users'
home dirs?
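
The three steps described in the post, as an added example that is not the poster's script: a root-run provisioning function that validates the account name before using it as a path component and refuses to reuse an existing path. The function name `provision_home`, its optional `home_root` and `template_dir` arguments, the allowed character set and the return codes are assumptions made for illustration; the default paths are the ones named in the post.

```shell
#!/bin/sh
# Added example, not the poster's script. Defaults are the paths named in the post.
# Usage (as root): provision_home <ad_short_name> [home_root] [template_dir]
provision_home() {
    user=$1
    root=${2:-/Volumes/SAN/Users}
    template=${3:-/System/Library/User Template}

    # The name becomes a path component in a script run as root, so accept
    # only a conservative character set (assumption: adjust to your AD naming).
    case $user in
        ''|.*|-*|*[!A-Za-z0-9_.-]*)
            echo "refusing unsafe user name: '$user'" >&2; return 2 ;;
    esac

    # The account must resolve through directory services (the AD binding).
    id -u "$user" >/dev/null 2>&1 || { echo "unknown user: $user" >&2; return 3; }

    # If the SAN volume is not mounted its Users directory is normally absent;
    # stop rather than create homes somewhere unintended.
    [ -d "$root" ] || { echo "home root missing: $root" >&2; return 4; }
    [ -d "$template" ] || { echo "template missing: $template" >&2; return 4; }

    home=$root/$user
    # Step 1: plain mkdir (no -p) fails if a file, directory or symlink
    # already exists at the path, so nothing pre-planted gets populated.
    mkdir -m 700 "$home" || return 5
    # Step 2: "template/." copies the contents, dotfiles included.
    cp -R "$template/." "$home/" || return 6
    # Step 3: hand the tree to the user and keep the top level private.
    chown -R "$user" "$home" || return 7
    chmod 700 "$home" || return 7
    echo "$home"
}

# Run directly when given arguments: ./provision_home.sh jdoe
if [ "$#" -ge 1 ]; then provision_home "$@"; fi
```
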