Thread-topic: Best practices for creating home dirs via shell scripts?
User-agent: Microsoft-Entourage/12.20.0.090605
On 7/24/09 10:05 AM, "Dan Stranathan" <email@hidden> wrote:
> I have a new Xserve running 10.5.7. Im creating a server in which
> users will SHH into it exclusively. Other than X11, there will be no
> GUI access (no console, no RD, so VNC, etc). They are running some
> custom perl programs on the Xserve. All data is stored on external
> volumes. User accounts live in AD.
>
> When a new user requests access to the Xserve, I run the script which
> does 3 things:
>
> 1) Make a new home directory in /Volumes/SAN/Users/<$new_user>
> <----------Note this is not the default location for user home
> directories.
> 2) Populates it with subfolders from the user template in /System/
> Library/User Template (Im putting things in here that all my users
> will need, like a custom .bash_profile, a special ~/mnt directory, etc)
> 3) Change the ownership permissions on the new home dir so the new
> user can access it.
>
> Im not creating the user accounts in the Accounts Pref pane at all. Im
> doing it with scripts. I dont even know the user's passwords, Im just
> creating a home folder. My user information comes from Active
> Directory. I dont need to keep user passwords and user records on the
> Xserve. All of this info is stored in AD, and of course the Xserve is
> bound to AD. Managed Mobile accounts are disabled. Other than the root
> account and a local admin account, there are no user records on this
> Xserve at all.
>
> Hres my main concern: As indicated above in Step 1, I plan to put the
> users home dirs on a SAN volume, rather than the local boot volume. I
> have changed this path in the Accounts GUI pane before, but I dont
> know how to tell OS X that all ssh users will need to have their homes
> in /Volumes/SAN/Users rather than /Users. I assume this must be done
> in DSCL or in some other config file?
>
> My scripts are not interacting with DSCL and thus the home dirs Im
> creating dont show up in the Accounts system preference pane. I dont
> see a problem with this. Should I care that the Accounts pane doesnt
> see the homes?
>
> Has anyone else ever created a similar workflow for home dir creation?
>
> Should there be an additional step 4 above that talks to DSCL or tells
> Mac OS X where these user's homes will live? Id prefer to keep the
> local admin account in /Users (So I can log in as the admin even when
> the SAN is not mounted etc)
>
> Do I need to do anything else? Are there any gotchas to doing it this
> way? Is there anything I need to do in DSCL to provision the user's
> home dir's?
>
> Thanks
>
> -Dan
This is done in linux all the time. The local computer does not need to know
anything about the user accounts as long as it is hooked into the
authentication system -- in your case AD. The user's home location will be
pulled from AD as well, so if the home location is set correctly in AD, and
the Xserve can mount that location (whether by automount or static mount),
you should be fine.
The one extra step you'll need to do is to make sure these users have been
granted ssh login access to the server.
--
Peter M. Bukowinski
Systems Engineer
Janelia Farm Research Campus
Howard Hughes Medical Institute
(also at http://yourmacguy.wordpress.com)
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
