Indeed that does help. I've never had a use for setgid since most of my work is on web access technology etc. This is the first time I've had to look at sharing systems and how to get the result you just described. In LDAP the user is authenticated and the user's home folder and bash preferences are set via the LDAP server. I can map a users folder on each of the machines to a users folder on the file server and create each user's home folder on the share. Then list the home folder in LDAP as /home/users/bob etc. Very nice. I thank you very much, that is exactly what I was looking for!
Larry S. Brown
Dimension Networks, Inc.
(727) 723-8388

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason Dixon
Sent: Tuesday, August 05, 2003 11:08 PM
To: [EMAIL PROTECTED]
Subject: Re: user management with ldap

On Tue, 2003-08-05 at 22:23, Larry Brown wrote:
> I have set up an LDAP for system authentication using OpenLDAP on RH8 server
> with RH9 workstations. I have it working to validate user information,
> however, when users log onto the machines there is no home folder for them.
> Is there any reference documentation on how to create an environment where
> anyone can log onto any machine and have their own desktop settings loaded
> and in place? Something similar to the function M$ has with roaming
> profiles? I'm having a terrible time trying to get a shared home directory
> to work (not that I want one shared set of configs but I'm trying to get it
> at least working). I set each user's home folder to be one named "users".
> I gave it 770 permissions and set all users up under the users group and set
> the folder to be owned by root and set the group to users. The first user
> usually works but subsequent logins fail with permission problems since the
> files created on that first login were owned by the person who first logged
> in. I can see this will be a further source of problems for me. If there
> is some way to get a roaming profiles scenario to work, that would be much
> better. Any help would be greatly appreciated.

Personally, I'd use NFS on each client system, mounting /home from a master NFS/RAID server. This will allow you to centralize user resources on one redundant system, while continuing to manage their identities, passwords, etc., via LDAP. You'll still need to manually create home directories for each new user, but you'll only have to do it once. AFAIK, LDAP doesn't provide user administration capabilities similar to what you might find with Windows/LDAP/AD(?).
I'm not an LDAP expert (on the TODO list), so I'm not going to be much help here. On a side note, you might want to check out the Samba-TNG project (http://www.samba-tng.org/). There might be something there you could use for your project.

For your other issue, if you have a shared group folder, you'll want to turn on the setgid bit to ensure all new files continue to be group-ownable, allowing other users read/write permissions even on files they didn't create (if this is a wanted feature). For example:

    $ chmod 2770 /home/shared
    $ ls -l /home/
    drwxrws--- 5 users users 4096 Jun 27 14:27 users

Assuming you have users "Bob" and "Mary", the next time Bob saves a file, it will still be owned by the "users" group, allowing Mary to edit it at will. For more information, search for "setgid", "setuid", and "sticky bit".

Hope this helps!

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
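
The setgid advice in the reply above, as an added example that is not part of the original thread: on Linux a 2770 directory passes its group to new entries (and the setgid bit to new subdirectories), but each user's umask still decides whether those entries are group-writable. The temp-dir paths, the bob/mary file names, and the mode_of, make_shared, create_as and audit_shared helpers are constructed for illustration.

```shell
#!/bin/sh
# Added example; all paths are constructed under a temp dir, /home is untouched.

# mode_of PATH: print the 10-character mode string that ls -l shows.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# make_shared DIR: create a group directory with the setgid bit (mode 2770).
make_shared() {
    mkdir -p "$1" && chmod 2770 "$1"
}

# create_as UMASK DIR NAME: create NAME.txt and NAME.d under the given umask.
# The subshell body keeps the umask change local to this call.
create_as() (
    umask "$1"
    : > "$2/$3.txt"
    mkdir "$2/$3.d"
)

# audit_shared DIR: list entries other group members cannot modify:
# files without group read+write, directories without setgid + group rwx.
audit_shared() {
    find "$1" -mindepth 1 \( -type f ! -perm -060 -o -type d ! -perm -2070 \) -print
}

demo() {
    root=$(mktemp -d) || return 1
    shared="$root/shared"
    make_shared "$shared"
    create_as 022 "$shared" bob     # common default umask: group loses write
    create_as 002 "$shared" mary    # group-friendly umask
    for p in "$shared" "$shared"/bob.* "$shared"/mary.*; do
        printf '%s  %s\n' "$(mode_of "$p")" "${p#"$root"/}"
    done
    echo "not editable by the rest of the group:"
    audit_shared "$shared" | sed "s|^$root/|  |"
    rm -rf "$root"
}

demo
```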