Setting local home directory and login shell
dbf

2004-12-20, 8:57 pm

I am using pam_ldap on a Solaris 8 platform for user login
authentication. I am able to login without any issues.

I would like to force all non-local users to a specific home directory
and shell.
Can this be accomplished with configuration files?

Thank you

dfrench@mtxia.com

2004-12-20, 8:57 pm


dbf wrote:
> I am using pam_ldap on a Solaris 8 platform for user login
> authentication. I am able to login without any issues.
>
> I would like to force all non-local users to a specific home directory
> and shell.
> Can this be accomplished with configuration files?
>


Define "local" ... Hardwired attached terminals? Current subnet? Group
of subnets? From a specific domain name? Anyone except?

By "non-local" do you mean users not logging in on a serially attached
green screen terminal?

A little more info please...

--
Dana French

Bruce Barnett

2004-12-21, 3:56 am

"dbf" <dbfrager@fragers.com> writes:

> I am using pam_ldap on a Solaris 8 platform for user login
> authentication. I am able to login without any issues.
>
> I would like to force all non-local users to a specific home directory
> and shell.


You can specify a home directory for each user using the /etc/passwd
file. You can put something special in the master shell login
(/etc/profile, /etc/csh.login, /etc/csh.cshrc, etc.)

You are just talking about redefining the value of HOME, right?
And then doing "cd $HOME"

If you want ~joeuser to also be equal to the home directory, you have to
modify the field in /etc/passwd

chroot() is a different problem.

--
Sending unsolicited commercial e-mail to this account incurs a fee of
$500 per message, and acknowledges the legality of this contract.

dbf

2004-12-21, 3:59 pm


dfrench@mtxia.com wrote:
> dbf wrote:
> directory
>
> Define "local" ... Hardwired attached terminals? Current subnet? Group
> of subnets? From a specific domain name? Anyone except?
>
> By "non-local" do you mean users not logging in on a serially attached
> green screen terminal?
>
> A little more info please...
>
> --
> Dana French



I have a Solaris platform, configured with pam_ldap for user
authentication. Additionally, I have several locally defined users (in
/etc/passwd, i.e., admin).

If I login using "admin", my home directory, shell, etc. are obtained
from the locally administered files (passwd, group, etc).

If I login using "david", which is administered from my centralized ldap
database, I get password authentication via pam-ldap. I can
additionally get my group list and other information.

Since this Solaris box is used as a specific use platform, I want ALL
users to be forced to use a specific home directory and shell. I can
control this for locally administered accounts using /etc/passwd. How
can I accomplish this for my centralized users? If I provision them in
the ldap database, then they will take effect for ALL platforms using
the LDAP database for access...I want this to be controlled on the
specific Solaris box.

Thank you

dfrench@mtxia.com

2004-12-21, 3:59 pm


dbf wrote:
> dfrench@mtxia.com wrote:
>

SNIP
>
> I have a Solaris platform, configured with pam_ldap for user
> authentication. Additionally, I have several locally defined users (in
> /etc/passwd, i.e., admin).
>
> If I login using "admin", my home directory, shell, etc. are obtained
> from the locally administered files (passwd, group, etc).
>
> If I login using "david", which is administered from my centralized ldap
> database, I get password authentication via pam-ldap. I can
> additionally get my group list and other information.
>
> Since this Solaris box is used as a specific use platform, I want ALL
> users to be forced to use a specific home directory and shell. I can
> control this for locally administered accounts using /etc/passwd. How
> can I accomplish this for my centralized users? If I provision them in
> the ldap database, then they will take effect for ALL platforms using
> the LDAP database for access...I want this to be controlled on the
> specific Solaris box.
>


On your centralized user management interface, is there not an option
to define the HOME directory of each user as it is created?
--
Dana French

dbf

2004-12-21, 3:59 pm

Yes there is..however, that would force the same directory structure on
all platforms...

While in most cases this will work fine, on this particular type of
environment, that structure will not be implemented...I want all users
to share a common home directory and environment SHELL..In this
instance, LDAP is used for authentication only. Logging capabilities
will track on a per/user basis, so I need to have them login as
individual accounts.

dfrench@mtxia.com

2004-12-21, 3:59 pm


dbf wrote:
> Yes there is..however, that would force the same directory structure on
> all platforms...
>
> While in most cases this will work fine, on this particular type of
> environment, that structure will not be implemented...I want all users
> to share a common home directory and environment SHELL..In this
> instance, LDAP is used for authentication only. Logging capabilities
> will track on a per/user basis, so I need to have them login as
> individual accounts.


So this is an exception to standard policy and procedures, correct?
Does your centralized user management system allow you to specify
backend scripts (it should)? Write a script to change the home
directories of the newly created users on those machines that are the
exceptions.

--
Dana French

dbf

2004-12-21, 3:59 pm

I will look into this capability...I was however looking for an
approach that can be implemented on the individual servers

Thank you

dfrench@mtxia.com

2004-12-21, 3:59 pm


dbf wrote:
> I will look into this capability...I was however looking for an
> approach that can be implemented on the individual servers
>



What I described was an approach consistent with your apparent policies
and standards, that you can implement centrally, for individual
servers.

--
Dana French

Kevin Rodgers

2004-12-21, 3:59 pm

dbf wrote:
> I will look into this capability...I was however looking for an
> approach that can be implemented on the individual servers


Let's say user1 has an entry in LDAP that says her home directory is
/home/user1 and her login shell is /bin/sh. On the host that you want
to configure differently, make /home/user1 a mount point for the shared
home directory (e.g. /home/jederman) instead of her real home directory,
and have /home/jederman/.profile do something like exec /bin/ksh.

--
Kevin Rodgers
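
A per-host sketch of the /etc/profile approach suggested earlier in the thread, using the shared home and shell from the reply above; it is an added example, not code from any poster. Accounts with no entry in the local /etc/passwd get the shared home and forced shell. The function names are hypothetical and a POSIX shell is assumed.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# /home/jederman and /bin/ksh are the values used in Kevin Rodgers' reply.
SHARED_HOME=/home/jederman
FORCED_SHELL=/bin/ksh

# Succeed if user $1 has an entry in local passwd file $2. Field 1 is
# compared as an exact string, so "dav" never matches "david".
is_local_user() {
    while IFS=: read -r name rest; do
        [ "$name" = "$1" ] && return 0
    done < "${2:-/etc/passwd}"
    return 1
}

# Print the overrides for user $1; print nothing for local accounts.
login_overrides() {
    is_local_user "$1" "${2:-/etc/passwd}" && return 0
    printf 'HOME=%s SHELL=%s\n' "$SHARED_HOME" "$FORCED_SHELL"
}

# Intended call from /etc/profile:  apply_login_policy "$LOGNAME"
apply_login_policy() {
    is_local_user "$1" "${2:-/etc/passwd}" && return 0
    HOME=$SHARED_HOME; export HOME
    cd "$HOME" || exit 1          # fail closed if the shared home is missing
    if [ "${SHELL:-}" != "$FORCED_SHELL" ]; then
        SHELL=$FORCED_SHELL; export SHELL
        exec "$FORCED_SHELL"      # replaces the login shell, never returns
    fi
}

# Constructed sample data: "admin" is local, "david" exists only in LDAP.
SAMPLE=${TMPDIR:-/tmp}/passwd.sample.$$
printf '%s\n' 'root:x:0:1:Super-User:/:/sbin/sh' \
    'admin:x:100:10:Local admin:/export/home/admin:/bin/ksh' > "$SAMPLE"
for u in admin david; do
    echo "$u: $(login_overrides "$u" "$SAMPLE")"
done
rm -f "$SAMPLE"
```

/etc/profile is read only by Bourne-style login shells, so this shapes the session rather than enforcing it, and ~user still expands to the home directory stored in LDAP, as noted earlier in the thread.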