On 03/17/11 09:24 PM, Glenn Faden wrote:
On 3/17/11 12:20 PM, Gary Winiger wrote:
Jan,
On 03/17/11 09:51, Jan Damborsky wrote:
Looks good to me. I skimmed b and c as well. Also
a couple comments.
useradd in the current gate should be able to create
zfs home directories and auto_mount maps by default.
Yep, I have noticed that when playing with useradd for
purposes of this project.
Currently, start method system/config smf service takes care
of that, but I think it might make sense to delegate that task
to useradd now that it provides for those features.
Though we will have to give it some thought, as looking at
useradd(1m) man page, unlike system/config, it does not provide
for customizing those parameters (e.g. name of ZFS dataset,
entry in /etc/auto_home).
Which might or might not be an issue.
I'm not sure about that. I don't know when the latest
man page will show up. You can look at the ARC case
PSARC/2009/652 final.materials/man/useradd.1m
And http://onnv.us.oracle.com/flagdays/pages/20110125111758.html
to see if that helps. [email protected] should be able
to answer any detailed questions.
I am about to integrate a change to this recently integrated feature.
The useradd command will only create a ZFS dataset for the new user's
home directory if the parent directory of the specified mount point
(using -d) is itself the mountpoint of a ZFS dataset. Then the new
dataset will be created as a child of the existing dataset. For
example, in the global zone /export/home is the mountpoint of
rpool/export/home. So the following would create a new dataset,
rpool/export/home/foo, mount it on /export/home/foo, create an
auto_home entry for the automounter to mount /export/home/foo on
/home/foo.
useradd -md /export/home/foo foo
whereas
useradd -md /tmp/foo foo
or
useradd -md /etc/whatever/foo foo
will just create a regular directory, not a new dataset.
Thank you for clarifying that, Glenn.
Comparing with what installers (AI in particular) do today,
it's slightly different behavior, as installers now always create a ZFS
dataset for the home directory. And both its name and mountpoint can be
customized via SC manifest in case of AI.
So we need to think more about if/how to accommodate current model
so that we could switch to useradd(1m) taking care of that for us.
Jan
b, 10.2 exposes password values and contains primary
administrator. I presume this is out of date.
Assigning values to listed smf properties was intended as an example
of how smf properties could be configured, I will clarify that.
When recently updating the doc, I have overlooked that this still uses
'Primary Administrator'. Thank you for catching this. I will change
that to something else (e.g. System Administrator).
I'm not sure if System Administrator is the right profile, but
it looks good right now. It's likely that the root role
may also have to be used to get the system users/roles fully
configured in some cases.
It isn't required to assign this profile to the new user since the
user will already have the root role and sudo privileges. Another
possibility would be to assign the profile Desktop Administration
which will have a subset of the commands in System Administrator. The
Desktop Administration profile just enumerates GUI-based admin tools
that have GNOME launchers defined for them. Note that GNOME will be
changing in the next build to automatically invoke pfexec for any GUI
command that is listed in a profile assigned to the logged-in user. And for
any commands not in any profiles assigned to the user, it will invoke
gksu (graphical su) if the corresponding profile is assigned to one of
the user's roles.
-- Glenn
Glenn Faden | Senior Principal Software Engineer
Phone: +1 650 786 4003 | Mobile: +1 415 637 8181
Oracle Solaris Security, Solaris Core OS Technology Engineering
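
Added example, not part of the original thread and not useradd's own code: a shell model of the rule Glenn describes, where a dataset is created only when the parent of the -d path is itself a ZFS mountpoint. The function name, the sample dataset list and the lack of symlink resolution are assumptions of this sketch; the input format is that of `zfs list -H -o name,mountpoint`.

```shell
#!/bin/sh
# Model of the described rule: useradd -md DIR creates a child dataset only
# if the parent directory of DIR is itself the mountpoint of a ZFS dataset.
# Otherwise a regular directory is created.

# predict_home DIR
# Reads "name<TAB>mountpoint" lines on stdin and prints either
# "dataset <parent-dataset>/<leaf>" or "directory".
predict_home() {
    home=${1%/}                      # drop a trailing slash, if any
    parent=${home%/*}                # parent directory of the -d argument
    [ -n "$parent" ] || parent=/     # parent of /foo is /
    leaf=${home##*/}
    result=directory
    while IFS="$(printf '\t')" read -r name mnt; do
        # Datasets with mountpoint "-", "none" or "legacy" never match an
        # absolute path, so they cannot become the parent dataset.
        if [ "$mnt" = "$parent" ]; then
            result="dataset $name/$leaf"
        fi
    done
    printf '%s\n' "$result"
}

# Constructed sample of `zfs list -H -o name,mountpoint` output for a
# global zone laid out as in the message (rpool/export/home on /export/home).
SAMPLE_ZFS_LIST=$(printf '%s\t%s\n' \
    rpool /rpool \
    rpool/export /export \
    rpool/export/home /export/home \
    rpool/swap -)

# Run the prediction against the constructed sample.
predict_from_sample() {
    printf '%s\n' "$SAMPLE_ZFS_LIST" | predict_home "$1"
}

for dir in /export/home/foo /tmp/foo /etc/whatever/foo; do
    printf '%-20s -> %s\n' "$dir" "$(predict_from_sample "$dir")"
done
```

On a live system the same function can be fed with `zfs list -H -o name,mountpoint | predict_home /export/home/foo`.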