On Tuesday 09 October 2007 11:23:56 G T Smith wrote:
> Anders Johansson wrote:
> > On Monday 08 October 2007 10:54:41 G T Smith wrote:
> >> Anders Johansson wrote:
> >>> On Sunday 07 October 2007 14:23:50 G T Smith wrote:
> >>>> Unfortunately if you can disconnect a resource, you can also reconnect
> >>>> something else at the same point, and that could be a security issue.
> >>>> If the location is taken it makes it more difficult (but not
> >>>> impossible) to hijack.
> >>>
> >>> No you can't, because linux will only allow you to mount things as a
> >>> user when permission is explicitly given in fstab. Which means the
> >>> worst they could do is remount the same resource
> >>>
> >>> If you think this is wrong, please give a concrete example of how it
> >>> could be done
> >
> > <snip something about home directories on samba shares>
> >
> > Obviously your scenario is just wrong.
>
> I think you need to do a little research into both AD and NDS and some
> Network Operating System concepts.... You are thinking server and
> machine centric not network centric... e.g. NT user accounts are
> frequently dynamically created on the local machine on login and the
> account removed on logout, accounts and their settings exist on the
> network NOT the machine (I am unaware of anything similar on *NIX). The
> approach has its problems but works well enough...
>
> > First of all, for the kind of shares you're talking about, there are the
> > non-mounted resources (smb:// in various browsers and vfs
> > implementations). You can't have your home directory on samba anyway (or
> > at least you shouldn't). So that eliminates your scenario
>
> If the directory is mounted on login there is no real reason why you
> should not either.
>
> You are obviously completely unfamiliar with the concept of the hotdesk. Let
> me spell it out ... user does not have own machine, user may have own
> resources and own role in organisation, user must be able to sit down and
> use any machine in a pool of machines and use as own... This is commonly
> used in teaching institutions, call centres, and other variants of
> cubicle land... And are you seriously suggesting that in an organisation
> with several hundred users that you set up several hundred home
> directories (and associated accounts) on each machine in the pool?
>
> The browser is an approach with limitations. For it to work with
> reasonable safety any settings need to travel with the user and not be
> tied to the machine.
>
> Oddly enough this is something fairly easy to do with Windows with AD or
> NDS...
>
> > Secondly, one single mount point for all users is just bad, it won't
> > work.
>
> There are a number of references to this type of configuration around
> with NFS, there is usually a single mount point but it is lower down the
> hierarchy on the server end and in theory you should only see the
> material pertinent to the logged in user.

That's not a single mountpoint, that is autofs at work. It dynamically creates 
mount points as and when needed. It seems to me this is exactly what you're 
looking for

> There have been various ways of presenting a file system across a network
> for a long time in the *NIX world, but they do not really fit more recent
> desktop use models.

I'm sorry, but are you referring here to the early 70s method of assigning 
letters like C:, F: and so on to shares? That's hardly the ultramodern 
approach here. Which part of this is "more recent desktop use model"?

You can say that things like Documents and settings should come from a server, 
which is about as close to the kind of mounting you can do in *NIX that you 
can get on a windows machine. I don't see why you say that this can't be done 
on linux. It has been possible for a very long time, as far as I can see

We already have roaming users, with several hundred users. It works like a 
charm, as far as I can see. I can sit down on any machine, log in, and get my 
own desktop
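
Added example, not part of the original message: the thread's point that ordinary users can only mount what fstab explicitly permits can be checked by auditing fstab for the `user`, `users`, `owner` and `group` options and for later options that undo the `nosuid`/`nodev` restrictions those options imply (per mount(8)). The sample fstab is constructed, the function names are hypothetical, and negated grant options other than `nouser` are assumed absent.

```python
# Constructed sample fstab, not taken from the thread.
SAMPLE_FSTAB = """\
# device    mountpoint    type     options                  dump pass
/dev/sda2   /             ext3     defaults                 1 1
/dev/sr0    /media/cdrom  iso9660  ro,noauto,user           0 0
/dev/sdb1   /media/usb    vfat     noauto,users,exec,suid   0 0
/dev/sdc1   /mnt/backup   ext3     noauto,owner             0 0
"""

# Per mount(8): user/users imply noexec,nosuid,nodev; owner/group imply
# nosuid,nodev. Options later on the same line override the implied ones.
IMPLIED = {
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}
TOGGLES = {"exec": "noexec", "suid": "nosuid", "dev": "nodev"}


def effective_restrictions(options):
    """Walk the option list left to right; return (grant, active restrictions)."""
    grant, active = None, set()
    for opt in options:
        if opt in IMPLIED:
            grant = opt
            active.update(IMPLIED[opt])
        elif opt == "nouser":
            grant = None                      # permission withdrawn again
        elif opt in TOGGLES:
            active.discard(TOGGLES[opt])      # e.g. "suid" cancels "nosuid"
        elif opt in TOGGLES.values():
            active.add(opt)
    return grant, active


def audit(fstab_text):
    """List (mountpoint, granting option, missing restrictions) per user-mountable entry."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        grant, active = effective_restrictions(fields[3].split(","))
        if grant:
            findings.append((fields[1], grant, sorted({"nosuid", "nodev"} - active)))
    return findings


if __name__ == "__main__":
    for mountpoint, grant, missing in audit(SAMPLE_FSTAB):
        print(mountpoint, grant, "missing: " + ",".join(missing) if missing else "ok")
```

An entry reported with a missing `nosuid` or `nodev` is one where a user-mountable filesystem could carry setuid binaries or device nodes, which is the case worth reviewing on shared machines.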