Adam Chlipala <[EMAIL PROTECTED]> wrote:
> Domtool needs to know about our general AFS lay-out. We had been
> putting user home directories in /afs/hcoop.net/usr/USER/home instead
> of /afs/hcoop.net/usr/USER, to allow us to include some directories on
> these volumes that users aren't allowed to administer. cclausen
> stated strong opposition to that plan, and it seems like our general
> plan now is to use separate volumes for these other directories. Am I
> right about this? If so, I think a few users might need their home
> directory settings tweaked.

Note that the owner of a root directory in a volume has implicit "a" on all directories in the volume. Users should own their own volumes so they can make ACL changes if they accidentally remove themselves. Because of this, you'll want to have a separate volume for any data that a user shouldn't have absolute control of.

You can put all data into a single volume, but volumes don't really cost anything and I'd suggest splitting up separate websites / vhosts / whatever into separate volumes for ease of management.

> Domtool looks in /afs/hcoop.net/usr/USER/domtool for USER's
> configuration files; that stays the same between the old and new AFS
> lay-outs. The one thing that I think needs changing (if we _are_
> adopting the above-described convention) is the location for Apache
> log files. Currently, they're put in /afs/hcoop.net/usr/USER/apache,
> which will _work_ now (so long as this directory is created for each
> testing-active user with permissions modeled after the example in
> /afs/hcoop.net/usr/adamc/apache), but goes against the policy. So,
> I'm imagining something like apache.USER volumes, similar to what
> we're using now for databases. Any disagreement on that?

Why does domtool care about a home directory at all? And do you want to trust users not to change the pre-set permissions? I'd suggest creating separate volumes for anything that needs per-user access by domtool and mounting them in a separate root under common, like how the databases are mounted now. I don't know about you, but I don't want some random tool writing files into my home directory.

I also think calling the location of home directories "usr" instead of "user" or "users" is dumb. And I'd suggest a "u" symlink to the "user" volume. And yes, this should be a separate volume. I'll likely access my volumes directly, from mount mounts in other cells, so I don't really care. But from a user understanding point of view "usr" directories usually contain software.

Also, it is possible to abuse the sysname (fs sysname) functionality of AFS and put the hostname in there. Tools could access /afs/hccop.net/common/@sys/user and get a "mire" mount point on one machine and a "deleuze" mount point on the other and use the exact same path. It's like magic.

<<CDC
_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
