Bernhard Voelker said the following on 03/27/2012 06:37 AM:
> On 03/26/2012 01:36 PM, Anton Aylward wrote:
>> As someone said, you can't have two home directories, only one for each account.
>
> I don't think this is 100% correct: it's true if you speak of a user name, but you can well have 2 usernames with the same user id, so in this - well, rather unusual - case, a user can have 2 different HOMEs.

Berny, please don't cc me when you mail the list, it's not necessary and is an annoyance.

Yes you can have

    ROOT:x:0:0:root:/root:/bin/bash
    root:x:0:0:root:/root:/bin/bash

and that would make things stand out in ls listings while maintaining compatibility, but that doesn't seem to be what Lynn is talking about. I've used that "doubling up" in the past and it is NOT what I'm talking about here.

Lynn has the 'lynn' id and wants to have it both as a network login and a local login; the network login (I would presume being 'lynn' via LDAP) using the nfs mount at /home/lynn and the local login (using 'lynn' via the local /etc/passwd) at /home2/lynn.

At least that's how it comes across to me.

She says that all other machines have networked accounts, right? She says that this one has a local account and she wants to preserve it. In fact she says she wants to preserve the account, not just the data under the account (which is odd since the way she copied data isn't recursive and doesn't copy the "dot" files).

But she keeps the local account name 'lynn' on this machine. What happens if she goes to another machine and logs in as 'lynn'?

I gather from Lynn's past posting about LDAP and Kerberos that she is using network based account management and NFS mounts of home directories to implement 'roving accounts'. OK, she never says that out and out, and if I'm wrong, then Lynn, please make it clear what is going on.

But it seems she wants to be able to use both the network logins and the local 'lynn' account on this machine. So if she logs in as 'lynn' which does she get?

My thought on the matter is: It is determined by the entry in /etc/nsswitch (well, OK, it can also be done with PAM).

In order for other people to log in on the nfs mounted partition there needs to be either duplication of /etc/passwd across all machines or central management via YP/NIS or LDAP. Which has Lynn been talking about in past threads? LDAP!

But she also makes it clear that she has edited the local /etc/passwd so the 'lynn' entry there refers to /home2/lynn.

How do you think compatibility between network ('roving'/LDAP) login and /etc/passwd login is managed? Since there is the implication Lynn can login to other machines on the network, that means there is a 'lynn' entry in LDAP. So on this machine, which has the { LDAP lynn -> /home/lynn } and the { /etc/passwd lynn -> /home2/lynn } what do you think happens when she logs in there?

I said that you can't have two home directories for the one account, the 'lynn' account. There has to be some determinism. It may be a result of network delays and error handling in the modules referred to by /etc/nsswitch or PAM, which Lynn has not described to us.

Now my assumptions here may be incorrect, but Lynn has made it clear that network logins apply for other machines and she's made it clear that server:/home is to be mounted at /home on this machine too, which implies that this machine is to handle those kinds of accounts as well.

I'm sure that converting the account on the machine in question to "lynn2" with a $HOME of /home2/lynn or /home2/lynn2 would have been a lot simpler, but there are so many other things to consider. We've only got a snapshot of Lynn's setup and there may be other constraints and objectives.

--
Auditing security is complex, challenging, and not for the uninformed
    Avoiding IS Icebergs
http://infosecuritymag.techtarget.com/articles/october00/features3.shtml
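
Added example (not part of the original message or of any project it mentions): a small Python simulation of how the `passwd:` source order in the nsswitch configuration decides which 'lynn' entry, and therefore which home directory, a login resolves to, including the case where the LDAP source is unreachable. The file contents, UIDs and the `unavailable` parameter are constructed assumptions, and only the default NSS actions (return on success, continue otherwise) are modelled.

```python
import re

# Constructed sample data: stand-ins for this machine's files and the LDAP directory.
NSSWITCH_CONF = "# constructed nsswitch file\npasswd: files ldap\ngroup: files ldap\n"
SOURCES = {
    "files": "root:x:0:0:root:/root:/bin/bash\n"
             "lynn:x:1000:100:Lynn:/home2/lynn:/bin/bash\n",
    "ldap": "lynn:x:1000:100:Lynn:/home/lynn:/bin/bash\n",
}

def passwd_order(conf):
    """Ordered source list from the passwd: line; [action] overrides are ignored here."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            return re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1]).split()
    return ["files"]  # assumption for this simulation when no passwd: line is present

def parse_passwd(text):
    """Map login name -> home directory for one passwd-format source."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            entries.setdefault(fields[0], fields[5])  # first entry for a name wins
    return entries

def resolve(name, conf, sources, unavailable=()):
    """Simulate getpwnam(): the first reachable source that knows the name wins."""
    for src in passwd_order(conf):
        if src in unavailable or src not in sources:
            continue  # UNAVAIL: default action is to continue to the next source
        home = parse_passwd(sources[src]).get(name)
        if home is not None:
            return src, home  # SUCCESS: default action is to return
    return None

def conflicts(sources):
    """Names present in more than one source with differing home directories."""
    seen = {}
    for src, text in sources.items():
        for name, home in parse_passwd(text).items():
            seen.setdefault(name, {})[src] = home
    return {n: h for n, h in seen.items() if len(set(h.values())) > 1}

if __name__ == "__main__":
    print(resolve("lynn", NSSWITCH_CONF, SOURCES))
    print(resolve("lynn", "passwd: ldap files", SOURCES))
    print(resolve("lynn", "passwd: ldap files", SOURCES, unavailable={"ldap"}))
    print(conflicts(SOURCES))
```

On a live system, `getent passwd lynn` shows the entry NSS actually returns, which can be compared against each source to spot a shadowed account.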