I want to set up a system which allows users to authenticate using PAM/Winbind. The home directory will be mounted by libpam-mount, but I do not want the users' configuration files to loosely lie around in their private directories, because they will use it with Windows, too. My current idea is the following:
1. User logs in on a virtual terminal or using a display manager.
2. An empty directory is created in the tmpfs that is mounted on /var/users (or something like that); this is required to be a RAM filesystem, because the root filesystem is a read-only NFS.
3. The user's private directory (smbfs) is mounted there.
4. A symbolic link to /home/$USERNAME is created from /var/users/$USERNAME/.dotfiles; if necessary, the latter directory is created before, ideally by copying /etc/skel. Sadly, due to the nature of SMB shares, I cannot mount .dotfiles directly.
5. The user's shell or desktop environment starts up.
My problem is that I don't know how to do the symlink creation. Is there a PAM module which works that way? Will I have to write one myself? I would also be happy if you could suggest another place, probably between PAM finishes its work and the user's environment starts; it must not expect the home directory to exist yet, and the user must not find a way to sail around it (thus, /etc/profile or Xsession are a problem).
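One way to do the symlink step asked about above is a script run by pam_exec at session open. This is an added example, not part of the original post; the script path, the PAM line and the overridable path variables are assumptions, as is /home being writable and pam_mount having already mounted the share at /var/users/$USERNAME.

```shell
#!/bin/sh
# Added example: session hook for pam_exec (runs as root at session open).
# Hypothetical PAM line, placed after pam_mount (ordering is an assumption):
#   session required pam_exec.so /usr/local/sbin/link-home.sh
# Paths follow the post; the variables exist only so the paths can be overridden.
MOUNT_BASE=${MOUNT_BASE:-/var/users}   # where pam_mount puts the SMB share
HOME_BASE=${HOME_BASE:-/home}          # assumed writable (e.g. tmpfs)
SKEL=${SKEL:-/etc/skel}

# Accept only plain names: no empty string, no leading dot, no '/' or '\'.
valid_user() {
    case $1 in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

link_home() {
    user=$1
    valid_user "$user" || return 1
    share=$MOUNT_BASE/$user
    dot=$share/.dotfiles
    link=$HOME_BASE/$user
    # The share must already be there as a real directory.
    [ -d "$share" ] && [ ! -L "$share" ] || return 1
    # The user controls the share, so never follow a symlinked .dotfiles.
    [ -L "$dot" ] && return 1
    if [ ! -d "$dot" ]; then
        mkdir -m 700 "$dot" || return 1
        cp -R "$SKEL"/. "$dot"/ || return 1
    fi
    # Replace an old symlink, but never a real file or directory.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        return 1
    fi
    ln -sfn "$dot" "$link"
}

# pam_exec exports PAM_USER and PAM_TYPE to the script.
if [ "${PAM_TYPE:-}" = open_session ]; then
    link_home "${PAM_USER:-}" || exit 1
fi
```

With `required`, a non-zero exit fails the session, so the login does not proceed without the link. Winbind names that carry a domain separator are rejected by `valid_user` and would need their own mapping.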
I've had weird things happen when trying to use a symlink for a home directory. I don't remember exactly, but some software didn't work.
Anyway, it sounds like you're going to try and use SAMBA for remote home directories in Linux--this is a bad idea because file permissions won't work properly. Instead, you should export /home as a read/write NFS share. Do NOT share /home in SAMBA. Instead, create an independent directory tree; perhaps /smbhome. This directory tree is for everyone's personal documents. In each home directory, include a symlink to that user's smbhome personal folder. For example, you could have /home/isaac/MyDocs be a symlink to /smbhome/isaac/
Tell your users that if they want to be able to access their files in Windows, they'll need to save them in their "MyDocs" folder. Otherwise, the files will only be accessible in Linux.
Of course, there are a lot of settings files which get saved in the user's home directory without giving any option for saving them somewhere else--these files are generally hidden as well as useless in Windows.
Anyway, it sounds like you're going to try and use SAMBA for remote home directories in Linux--this is a bad idea because file permissions won't work properly. Instead, you should export /home as a read/write NFS share. Do NOT share /home in SAMBA.
Well, that sounds logical, but there is a problem with it: If I understand NFS correctly, every user can write to the other users' home directories and manipulate their settings, because I cannot require the users to authenticate to it—users could bring their notebooks, on which they naturally are root. Will I have to set up Kerberos or are there any better ideas?