Hi LQers,

I want to set up a system which allows users to authenticate using PAM/Winbind. The home directory will be mounted by libpam-mount, but I do not want the users' configuration files to loosely lie around in their private directories, because they will use it with Windows, too. My current idea is the following:

• User logs in on a virtual terminal or using a display manager.
• An empty directory is created in the tmpfs that is mounted on /var/users (or something like that); this is required to be a RAM filesystem, because the root filesystem is a read-only NFS.
• The user's private directory (smbfs) is mounted there.
• A symbolic link to /home/$USERNAME is created from /var/users/$USERNAME/.dotfiles; if necessary, the latter directory is created before, ideally by copying /etc/skel. Sadly, due to the nature of SMB shares, I cannot mount .dotfiles directly.
• The user's shell or desktop environment starts up.

My problem is that I don't know how to do the symlink creation. Is there a PAM module which works that way? Will I have to write one myself? I would also be happy if you could suggest another place, probably between PAM finishes its work and the user's environment starts; it must not except the home directory to exist yet, and the user must not find a way to sail around it (thus, /etc/profile or Xsession are a problem).

I greatly appreciate all your ideas.

Thanks in advance,
mschutte

I've had weird things happen when trying to use a symlink for a home directory. I don't remember exactly, but some software didn't work.

Anyway, it sounds like you're going to try and use SAMBA for remote home directories in Linux--this is a bad idea because file permissions won't work properly. Instead, you should export /home as a read/write NFS share. Do NOT share /home in SAMBA. Instead, create an independent directory tree; perhaps /smbhome. This directory tree is for everyone's personal documents. In each home directory, include a symlink to that user's smbhome personal folder. For example, you could have /home/isaac/MyDocs be a symlink to /smbhome/isaac/

Tell your users that if they want to be able to access their files in Windows, they'll need to save them in their "MyDocs" folder. Otherwise, the files will only be accessable in Linux.

Of course, there are a lot of settings files which get saved in the user's home directory without giving any option for saving them somewhere else--these files are generally hidden as well as useless in Windows.

Well, that sounds logical, but there is a problem with it: If I understand NFS correctly, every user can write to the other users' home directories and manipulate their settings, because I cannot require the users to authenticate to it—users could bring their notebooks, on which they naturally are root. Will I have to set up Kerberos or are there any better ideas?

Anyway, thank you for your help.
mschutte

Hmm...maybe something like sshfs would be better for you. I've never used it myself.

Hehe … I just thought about that as I received the notification mail. I'll try it as soon as possible and report back here. :-)