Re: [opensuse] AutoFS somewhat complex...(SOLVED) and a REPORT
  • From: Verner Kjærsgaard <vk@xxxxxxxxxxxxx>
  • Date: Sun, 18 Apr 2010 20:03:37 +0200
  • Message-id: <4BCB4979.7010100@xxxxxxxxxxxxx>


Verner Kjærsgaard wrote:

Peter Suetterlin wrote:
Hi Verner,

Hi list and P.,

...lots of text has been cut away..
So what I (thought I) understood you wanted is /home/<user> on the local disk
and /home/<user>/Documents coming via NFS. For this, the directory on the
other end has to exist, and have the proper permissions. I.e., on the server
you will have to create the /volume1/EXPORT/<user> directories, chown each to
<user> (or the appropriate user ID if the users are not known on the server)
and probably chmod 700 them so only the user can read it.

...

Hi list and P.,

- like you say, now we're getting somewhere!

- indeed what you say in the paragraph above is what I'm going to do.
- and...further, Yes I'll have to create individual directories per
user. But...that I can script my way out of and so.

I'm not able to test it out right now, but I'm quite sure, it'll work.
Again, thanks a lot for your kind help. I'll get back to the list with
my results.



Hi gurus and list,

- I promised to get back with my results - and here they are.
- thanks to you guys it WORKS!
- this is what I did:

ON THE CLIENT
-------------
this is the contents of /etc/auto.master
/extern /etc/auto.nfs

this is the contents of /etc/auto.nfs
* 172.16.11.229:/volume1/SYNDOCS/&

this is the contents of /etc/profile.local:
#!/bin/bash
user=$(whoami)
usernum=$(id -u "$user")
cd "/home/$user"
### -h TRUE if file exist AND IS A SYMLINK
### MINEFILER = MYFILES in english
if [ ! -h MINEFILER ]; then
    ln -s "/extern/$user" MINEFILER 2>&1
fi

### Copy known_hosts file to the home-dir of
### the new user
### only at first login, otherwise not ###
if [ ! -e "/home/$user/.ssh/known_hosts" ]; then
    mkdir -p "/home/$user/.ssh"
    cat /opt/scripts/known_hosts_syn >> "/home/$user/.ssh/known_hosts"
fi
### Now call a script placed in the SYN box
### (one command line; the mail had wrapped it onto two)
ssh -i /opt/scripts/id_rsa root@xxxxxxxxxxxxx /opt/scripts/checkuser.sh "$user" "$usernum"

I then copied root's very secret id_rsa file outside root's home into
/opt/scripts and made it readable. So the /etc/profile.local script can
log into the server with SSH (as root) and do its things.

THIS IS A MAJOR SECURITY BREACH!!

Yes, I know. Any ideas? The /etc/profile.local runs as the local user,
not root. So this file cannot satisfy SSH with respect to identity and so.



ON THE SERVER
-------------

I placed SSH keys and so, to enable password/promptless login from the
client.

I placed this script in /opt/scripts/ on the SYN box (note the use of
ash, not bash...):

#!/bin/ash
#$1 = user
#$2 = usernum (numeric)
user=$1
usernum=$2

# Quote every expansion: this script runs as root on caller-supplied values
if [ ! -d "/volume1/SYNDOCS/$user" ]; then
    mkdir "/volume1/SYNDOCS/$user"
    chown "$usernum:100" "/volume1/SYNDOCS/$user"
    chmod -R 700 "/volume1/SYNDOCS/$user"
fi

exit 0


Now I fired up 'rcautofs' and was airborne.
Every new user now has a directory under his homedir named MYFILES. The
files put there will reside off-server.



Again, thanks to all for their great and appreciated help!


--
------------------------------
Med venlig hilsen/Best regards
Verner Kjærsgaard
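
Added example (not part of the original message or the poster's scripts): one common way to narrow the exposure the message calls a major security breach is to stop handing out root's own key and instead pin a dedicated key to a single forced command in root's authorized_keys on the server, with the server validating the arguments itself. The script name provision-gate.sh, the username and uid rules, and the key placeholder are assumptions.

```shell
#!/bin/sh
# Hypothetical /opt/scripts/provision-gate.sh for the server (added example).
# Pin a dedicated key (not root's own id_rsa) to it with one line in root's
# authorized_keys; the key material here is a placeholder:
#   command="/opt/scripts/provision-gate.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER> provision-only
# sshd then runs this script whatever the client asks for and hands over the
# requested command line in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL          # make [a-z] mean ASCII letters only
BASE=${BASE:-/volume1/SYNDOCS}   # export root from the post
GROUP=100                        # group id from the post's chown

# Assumed policy: lowercase login names, at most 32 chars, no leading '-'.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Assumed policy: decimal uid of an ordinary account (1000 or higher).
valid_uid() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 9 ] && [ "$1" -ge 1000 ]
}

# Create the per-user directory once, private to its owner.
provision() {
    dir="$BASE/$1"
    [ -d "$dir" ] && return 0
    mkdir -m 700 "$dir" && chown "$2:$GROUP" "$dir"
}

# Accept exactly "/opt/scripts/checkuser.sh <user> <uid>"; reject anything else.
handle_request() {
    set -f; set -- $1; set +f      # split on whitespace without globbing
    [ "$#" -eq 3 ] && [ "$1" = /opt/scripts/checkuser.sh ] || return 2
    valid_user "$2" && valid_uid "$3" || return 2
    provision "$2" "$3"
}

if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    handle_request "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

Even with this gate, anyone who can read the client-side key can still request a directory for any valid name and uid pair, so it narrows the exposure rather than removing it.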
