Mailinglist Archive: opensuse (1445 mails)

< Previous Next >
Re: [opensuse] Re: how to change users home directory
Bernhard Voelker said the following on 03/27/2012 06:37 AM:
On 03/26/2012 01:36 PM, Anton Aylward wrote:
As someone said, you can't have two home directories, only one for each
account.

I don't think this is 100% correct: it's true if you speak of a user name,
but you can well have 2 usernames with the same user id, so in this - well,
rather unusual - case, a user can have 2 different HOMEs.

Berny, please don't cc me when you mail the list, its not necessary and
is an annoyance.

Yes you can have

ROOT:x:0:0:root:/root:/bin/bash
root:x:0:0:root:/root:/bin/bash

and that would make things stand out in ls listings while maintaining
compatibility, but that doesn't seem to be what Lynn is talking about.

I've used that "doubling up" in the past and it NOT what I'm talking
about here.


Lynn has the 'lynn' id and wants to have it both as a network login and
a local login; the network login (I would presume being 'lynn' via
LDAP) using the nfs mount at /home/lynn and the local login (using
'lynn' via the local /etc/passwd) at /home2/lynn.

At least that's how it comes across to me.

She says that all other machines have networked accounts, right?
She say that this one has a local account and she want to preserve it.
In fact she says she want to preserve the account, not just the data
under the account (which is odd since the way she copied data isn't
recursive and doesn't copy the "dot" files").

But she keeps the local account name 'lynn' on this machine.

What happens if she goes to another machine and logs in as 'lynn'?
I gather from Lynn's past positing about LDAP and kerberos that she is
using network based account management and NFS mounts of home
directories to implement 'roving accounts'. OK, she never says that out
and out, and if I'm wrong, the Lynn please make it clear what is going on.

But it seems she wants to be able to use both the network logins and the
local 'lynn' account on this machine.

So if she logs in as 'lynn' which does she get?

My thought on the matter is:
It is determined by the entry in /etc/nsswitch
(well, OK, it can also be done with PAM)

In order for other people to log in on the nfs mounted partition there
needs to be dither duplication of /etc/passwd across all machines or
central management via YP/NIS or LDAP. Which has Lynn been talking
about in post threads? LDAP!

But she also makes it clear that she has edited the local /etc/passwd so
the 'lynn' entry there refers to /home2/lynn.

How do you think compatibility between network ('roving'/LDAP) login and
/etc/passwd login is managed?

Since there is the implication Lynn can login to other machines on the
network, that means there is a 'lynn' entry in LDAP.

So on this machine, which has the { LDAP lynn -> /home/lynn } and the
{ /etc/passwd lynn -> /home2/lynn } what do you think happens when she
logs in there?

I said that you can't have two home directories for the one account, the
'lynn' account. There has to be some determinism. It may be a result
of network delays and error handling in in the modules referred to by
/etc/nsswitch or PAM, which Lynn has not described to us.

Now my assumptions here may be incorrect, but Lynn has made it clear
that network logins apply for other machines and she's made it clear
that server:/home is to be mounted at /home on this machine too which
implies that this machines is to handle those kinds of accounts as well.


I'm sure that converting the account on the machine in question to
"lynn2" with a $HOME of /home2/lynn or /home2/lynn2 would have been a
lot simpler, but there are so many other things to consider. We've only
got a snapshot of Lynn's setup and there may be other constraints and
objectives.



--
Auditing security is complex, challenging, and not for the uninformed
Avoiding IS Icebergs
http://infosecuritymag.techtarget.com/articles/october00/features3.shtml
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups