home folder via network (ssh)


LuckyMe
06-18-2007, 06:56 AM
Hi,

Got a Feisty server up and running, with OpenLDAP, Samba Domain and file share for my Windows machines. And also the Linux clients can authenticate versus the LDAP. So far so good.

Now I would like to have the users' home folder to be located on the server. I have a folder there /data/home/<username> which is already in use for Windows - shared via Samba. And I would like to use the same folder for the users' home folder under the Linux clients. No worries I have sorted out the above mentioned folders into subfolders for Windows and Linux and Desktop, etc.

How do I get the home folder on a Linux machine pointed to a network location, preferably via SSH?
I have tried with sshfs, receive a warning that the location I am mapping to is not empty (cause the login bash scripts are in the users home folder already) and if I set a flag to ignore this then it does not work either.

Do I map the home folder of the user that is logging in only - after user authentication? Or do I map the folder containing all the home folders of all users before login? Either way I do not know how?

Any hint is highly appreciated.

Cheers
... LuckyMe

Parcival
06-18-2007, 07:12 AM
I would simply mount the folder on the Samba server with all the users' account folders as /home in /etc/fstab when your client boots. If you properly set the access rights on your server, nobody can go snooping in somebody else's folder. I have no clue how to encrypt the entire read/write process, though.

LuckyMe
06-18-2007, 07:56 AM
Hmmm,

thanks for the hint with fstab. How would I do that if my server is called "monolith" and the home folders are located in the folder /data/home, both on the server as well as locally? Oh yeah, I would like to use ssh instead of Samba.

EDIT:
I know I could use sshfs, but as with Samba I have to use a user name to mount a network drive and how shall I do that, cause BEFORE login I do not know which user will be logging in. :eek:

Thanks
... LuckyMe

LuckyMe
06-18-2007, 09:02 AM
How far would I get with the use of fuse and sshfs in the fstab? Something like this?

sshfs#dummyuser@monolith:/data/home /data/home/ fuse defaults,auto 0 0

As I am not sure how FUSE works I am concerned that the dummyuser would be used for permission check on the remote drive and therefore the user would not be able to access their actually owned home folder?! Also I am not sure about the options default and auto or noauto, etc.

Any ideas?

Thanks
... LuckyMe

Parcival
06-18-2007, 09:02 AM
> thanks for the hint with fstab. How would I do that if my server is called "monolith" and the home folders are located in the folder /data/home, both on the server as well as locally? Oh yeah, I would like to use ssh instead of Samba.

Have a look at our helpfiles library (http://www.justlinux.com/nhf/Filesystems/Mounting_smbfs_Shares_Permanently.html). I don't know how you can do that with SSH - especially with Windows boxes since those don't come with SSH by default.

LuckyMe
06-18-2007, 09:25 AM
> Have a look at our helpfiles library (http://www.justlinux.com/nhf/Filesystems/Mounting_smbfs_Shares_Permanently.html). I don't know how you can do that with SSH - especially with Windows boxes since those don't come with SSH by default.

Thanks, but my Windows boxes are all sorted and done. I just mentioned them to give the whole picture. I am just not clear how to do with my Linux machine.

Beside that I found out the following:
If I am not wrong I can use certificates instead of username and password for sshfs in fstab. But the certificate is supposed to be in the .ssh folder of the current user. Which user is used for fstab?

Cheers
... LuckyMe

Parcival
06-18-2007, 10:34 AM
> Which user is used for fstab?

Any user. Whenever a user sends a request to mount something, the system checks whether the user is allowed to perform this operation or not. If the operation is okay, it is being executed as it is described in fstab or in the commandline.

As I said above, I'm no encryption wizard, but at boottime it's root who's mounting the drives. Therefore I'd give it a try and put the certificates in /root/.ssh

LuckyMe
06-19-2007, 04:34 AM
I tried that and unfortunately it only works when the root user logs in, meaning the folder /data/home is populated with all the users' home folders.

Logging in with another user results in an empty /data/home folder.

Any ideas or guidance on fstab?

Kind regards
... LuckyMe

webwolf
06-19-2007, 07:26 AM
Try changing "defaults" in fstab to user,rw

Parcival
06-19-2007, 07:37 AM
> Try changing "defaults" in fstab to user,rw

Well, I doubt that's what he wants. This would allow any user to mount/unmount the server share - a privilege that doesn't belong in the hands of ordinary users, in my eyes.

LuckyMe
06-19-2007, 08:16 AM
> Well, I doubt that's what he wants. This would allow any user to mount/unmount the server share - a privilege that doesn't belong in the hands of ordinary users, in my eyes.

Well, depends on. If I am not wrong then it will mount the folder for all users that are actually logging in. But there are still the permissions that are set on the folders and files on the target. I assume that those are still verified versus the actual users and hopefully not versus the user mentioned in the fstab file, or?!

What about the option "user,auto"? Would that do the trick for me? Sorry for asking instead of trying, but I am still at work for a couple of hours and can therefore not just test it.

And if that is given then the next question is if it is mounted automatically or if user interaction is necessary to mount it - which I would not want to as it is the home folder.
Is there a good place with information about fuse and sshfs? On their website is not much of documentation or at least I could not dig to it.

Again thanks a lot
... LuckyMe

Parcival
06-19-2007, 08:50 AM
> Well, depends on. If I am not wrong then it will mount the folder for all users that are actually logging in.

Well, you are sort of wrong. If you add user to your fstab, any user of the system is allowed to mount/unmount the entry where the user tag stands. Yes, of course this would mount all users' home directories since they are all on the target volume, but I don't believe you want an ordinary user to have the power to accidentally unmount the target volume and deprive all users of their data. ;) The user tag makes sense for floppies, CD-ROMs, memory sticks, and the like, but definitely not for crucial server shares.

> What about the option "user,auto"? Would that do the trick for me? (...) And if that is given then the next question is if it is mounted automatically or if user interaction is necessary to mount it - which I would not want to as it is the home folder.

If you have the auto tag in your fstab, the corresponding entry is automatically mounted at boot time. (That's why I pointed you towards root since at boot time all processes are carried out with root privileges - unless I am really mistaken.) Technically, it is possible to combine user,auto, but for similar reasons like I explained above, I doubt you want that. What sense is in automatically mounting a server share so it's available for everyone, but also giving the right to everyone to unmount that share again?

LuckyMe
06-19-2007, 09:22 AM
First of all thanks for staying in this thread and discussing it with me.

Is it really that crucial that a user could unmount it?! As it is the home folder he would not be able to do so anyway, at least not in an easy way.

Could you suggest me another way of approaching my goal? Maybe a completely different solution?

I have also read about NIS and NFS but for some reason I am not sure if I would like that solution.

Guess I was clear in what I am trying to reach?! The users home folder shall be on a server so that all settings are conserved across the whole network.

Thanks
... LuckyMe

Parcival
06-19-2007, 10:18 AM
> Is it really that crucial that a user could unmount it?!

It depends on your needs and your network. I for my part as a user wouldn't be too happy if someone unmounted /home while I am trying to save to /home/parcival. As a matter of fact, this could have a really ugly end.

> As it is the home folder he would not be able to do so anyway, at least not in an easy way.

Depends on how you define easy.

umount /home

would be sufficient for any user with the user tag in fstab.

> Guess I was clear in what I am trying to reach?! The users home folder shall be on a server so that all settings are conserved across the whole network.

I think Samba is a good solution as I have had the least problems with it. Some here in the forum prefer NFS, but in my heterogeneous home (Linux, Macs, Windows) Samba is what gives me the least problems. Windows still is the standard and everyone takes it as a reference.

In your situation I would simply set up a Samba server that shares the users' home folders (look up the documentation and/or the example file for smb.conf) and have the clients mount it with the auto tag in their fstab. Encryption is only worth the effort if you believe somebody could perform a man-in-the-middle attack. Since it seems like you're working in a LAN solely, I assume the benefits of encryption are not worth the effort.

LuckyMe
06-19-2007, 10:59 AM
> In your situation I would simply set up a Samba server that shares the users' home folders (look up the documentation and/or the example file for smb.conf) and have the clients mount it with the auto tag in their fstab. Encryption is only worth the effort if you believe somebody could perform a man-in-the-middle attack. Since it seems like you're working in a LAN solely, I assume the benefits of encryption are not worth the effort.

Nice suggestion, I might try it. But beforehand I have a question.
You say "... and have the clients mount it with the auto tag in their fstab." Would I then not end up in the same situation as now?
How would that auto mount be different from the one I am using now? Could you please describe that for me?

Thanks
... LuckyMe

Parcival
06-20-2007, 03:31 AM
> Would I then not end up in the same situation as now?
> How would that auto mount be different from the one I am using now? Could you please describe that for me?

I am not sure since I don't know exactly your current situation. auto simply mounts something at boottime without the need of any user interaction.

LuckyMe
06-20-2007, 03:53 AM
Yeah, and I have played around with this "auto" option yesterday and I indeed get the whole "home" folder mapped. I also used the "user" option (I know you did not recommend it, but I tested it).
And this did result in the fact that all actions on the target are made as the root user, even though I logged in as another user. Meaning that the username in the fstab in connection with sshfs and fuse is used for file access and not the actual user that did log in.
Honestly speaking I did expect something like that as I knew it is like that in the Windows world.

Is there another way to get this done - except NFS?

Cheers
... LuckyMe
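
An added example (not from any poster in this thread): a small Python audit of fstab text for the two risks discussed above, the `user` option on a shared home volume and an sshfs entry whose single SSH login becomes the identity for all file access on the server. The sample fstab is constructed, and `SHARED_MOUNTS` is an assumption about where shared homes are mounted.

```python
# Added example: audits fstab text for the risks discussed in this thread.
# Constructed sample; the last two lines follow the entries tried in the thread.
SAMPLE_FSTAB = """\
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/sda1 / ext3 defaults 0 1
/dev/fd0 /media/floppy auto user,noauto 0 0
sshfs#dummyuser@monolith:/data/home /data/home/ fuse defaults,auto 0 0
sshfs#root@monolith:/data/home /data/home/ fuse user,rw,auto,allow_other 0 0
"""

SHARED_MOUNTS = ("/home", "/data/home")  # assumption: where shared homes are mounted


def parse_fstab(text):
    """Yield (spec, mountpoint, fstype, options) per entry.

    Only lines that START with '#' are comments: 'sshfs#user@host:' has a
    '#' inside the first field, so naive comment stripping would destroy it.
    """
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        yield fields[0], fields[1].rstrip("/") or "/", fields[2], set(fields[3].split(","))


def audit(text):
    """Return a list of (mountpoint, finding) tuples."""
    findings = []
    for spec, mnt, fstype, opts in parse_fstab(text):
        shared = any(mnt == p or mnt.startswith(p + "/") for p in SHARED_MOUNTS)
        if shared and opts & {"user", "users"}:
            # Any local user may unmount a volume others are working in.
            findings.append((mnt, "user-mountable shared volume"))
        if spec.startswith("sshfs#") or fstype == "fuse.sshfs":
            login = spec.split("#", 1)[-1].split(":", 1)[0]
            account = login.split("@", 1)[0] if "@" in login else "(mounting user)"
            # The server sees one SSH login, so its permission checks apply
            # to that account, not to whoever is logged in on the client.
            findings.append((mnt, "all remote access as " + account))
            if "allow_other" in opts:
                findings.append((mnt, "every local user shares that identity"))
            else:
                findings.append((mnt, "contents visible to mounting user only"))
    return findings


if __name__ == "__main__":
    for mountpoint, finding in audit(SAMPLE_FSTAB):
        print(mountpoint + ": " + finding)
```

The floppy entry is not flagged, since the `user` option is only reported for mount points under `SHARED_MOUNTS`.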

webwolf
06-20-2007, 07:26 AM
My bad. I was thinking of using user,rw,auto on the client machine. In which case unmounting via umount /home would only unmount the share on that one client box, and not on the whole network (or maybe I'm confusing this with how things work on nfs). My only concern there would be that, if permissions are not watched very well, userx could modify usery's data. Anyone is however welcome to correct me if I'm wrong. (I'm always willing to learn something new)

webwolf

LuckyMe
06-20-2007, 08:51 AM
Hi webwolf,

thanks for the post. I am certain that an unmount would only unmount the current client as it is related to the client. So the other clients would not be affected with this.

However as you wrote the permissions are a problem, or there is something else that I have missed that can fix this.

I found out that the sshfs mount command can in principle also run without the "username@" option. Maybe that would give me the correct permissions?!

Maybe somebody knows?

Kind regards
... LuckyMe

Parcival
06-22-2007, 05:41 AM
> I am certain that an unmount would only unmount the current client as it is related to the client. So the other clients would not be affected with this.

This is correct. However, you have to keep in mind that several individuals can be logged in on the same Linux client.

webwolf
06-23-2007, 08:41 AM
> This is correct. However, you have to keep in mind that several individuals can be logged in on the same Linux client.

I have to admit that Parcival has a damn good point there. Unless you're set up so that only one person has access to each client, that should be avoided then.

LuckyMe
06-23-2007, 02:57 PM
In theory you are correct, but here at our home we don't use "user switching"; the user logged in is the user sitting in front of the machine.

However, I have done some other tests and figured out that it is not very good in regards to performance to have the home folder on a network mount. Starting FireFox takes forever!!! I am not sure what FF does, but it seems to do a hell of a lot of file access to start up. Once started up it is okay, but until then...

I am changing my course and only mount the Desktop folder to my network.

Thanks for all your advice.

... LuckyMe