On Jul 24, 2009, at 10:05 AM, Dan Stranathan wrote:
> When a new user requests access to the Xserve, I run the script
> which does 3 things:
> 1) Make a new home directory in /Volumes/SAN/Users/<$new_user>
>    <---------- Note this is not the default location for user home
>    directories.
> 2) Populates it with subfolders from the user template in
>    /System/Library/User Template (I'm putting things in here that all
>    my users will need, like a custom .bash_profile, a special ~/mnt
>    directory, etc.)
> 3) Change the ownership permissions on the new home dir so the new
>    user can access it.

Sounds good. We do this too, as our network home box is different
from our directory server.

> Here's my main concern: As indicated above in Step 1, I plan to put
> the users' home dirs on a SAN volume, rather than the local boot
> volume. I have changed this path in the Accounts GUI pane before,
> but I don't know how to tell OS X that all ssh users will need to
> have their homes in /Volumes/SAN/Users rather than /Users. I assume
> this must be done in DSCL or in some other config file?

Yes. While most machines will read the network home location and
correctly connect to the server, the server itself needs to use the
local path (/Volumes/SAN/Users/...) instead of the full network path
(afp://servername/Users/...). To accomplish this, you have to change
the mapping on the file server so it mangles the information from the
directory a little. I have my "notes to self" online for this:
Once you do that, users who SSH into the server will be correctly
mapped to the local path you've specified.

> My scripts are not interacting with DSCL and thus the home dirs I'm
> creating don't show up in the Accounts system preference pane. I don't
> see a problem with this. Should I care that the Accounts pane doesn't
> see the homes?

The main point is that when you query the information for a user *on
the server*, you should get the correct network home path back. The
steps I link to above (changing the mapping) should do that for all
the users that AD tells your server about.

> Has anyone else ever created a similar workflow for home dir creation?

Yes. =) I'm happy to share our scripts if they'll help you. We use
OD, though, and it sounds like you do some extra work setting up the
directories, so I don't know if they'll be of much use to you.

> Should there be an additional step 4 above that talks to DSCL or
> tells Mac OS X where these users' homes will live? I'd prefer to keep
> the local admin account in /Users (So I can log in as the admin even
> when the SAN is not mounted etc.)

The local admin account won't be affected, as its information isn't
obtained from AD. The mapping you change only affects that particular
server, so it won't affect the local users.
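
The three-step home directory creation described in the thread, as an added example (not the script of either poster). The function names, the environment overrides, the username check, the mount check, and the 700 mode are assumptions added here; the mount check covers the case raised in the thread where the SAN is not mounted.

```shell
#!/bin/sh
# Usage: create_home <username> [owner[:group]]
# Paths default to the ones named in the thread; the environment overrides
# are an assumption so the function can be tried outside the server.
SAN_MOUNT="${SAN_MOUNT:-/Volumes/SAN}"
HOME_ROOT="${HOME_ROOT:-$SAN_MOUNT/Users}"
TEMPLATE="${TEMPLATE:-/System/Library/User Template}"

# True only if $SAN_MOUNT is itself a mount point. With the SAN offline,
# the path can still exist as a plain folder on the boot volume, and homes
# created there would land on the wrong disk.
san_is_mounted() {
    [ -d "$SAN_MOUNT" ] || return 1
    mp=$(df -P "$SAN_MOUNT" | awk 'NR==2 {print $6}')
    [ "$mp" = "$SAN_MOUNT" ]
}

create_home() {
    user=$1
    owner=${2:-$user}    # passed to chown; defaults to the username
    # Reject empty names, leading dot or dash, and anything outside a
    # conservative character set (this excludes "/" and "..").
    case "$user" in
        ''|.*|-*|*[!A-Za-z0-9._-]*)
            echo "refusing username: $user" >&2; return 2 ;;
    esac
    san_is_mounted || { echo "$SAN_MOUNT is not mounted" >&2; return 3; }
    home="$HOME_ROOT/$user"
    # Step 1: mkdir without -p fails if the path already exists, so an
    # existing home or a pre-planted symlink is never reused or followed.
    ( umask 077; mkdir "$home" ) || return 4
    # Step 2: copy the template contents, dotfiles included.
    cp -R "$TEMPLATE/." "$home/" || return 5
    # Step 3: hand the tree to the user; -h changes a symlink itself
    # rather than the file it points to.
    chown -hR "$owner" "$home" || return 6
    chmod 700 "$home"
}
```

On the server this runs as root, for example `create_home jdoe`, once the directory service can resolve the account.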