Michael Niksch wrote:
>
> > - For convenience, we set up a separate symlink directory. Something
> > like /:/home/cc (linked to /:/users/u3/cc)...
>
> Why will the /:/home directory with the full number of symlink entries
> cause less trouble than a /:/users directory that had the same number
> of user subdirectories without indirection?
>
> Forgive me if this is a stupid question, but administering a site with
> only 300+ users I haven't played with indirection yet.
>
Well there were a few points that didn't come across.
1. We had SSO with Integrated Login. The bulk of our 10K user
community was AIX or ran a full client. We had PCs but almost all of
them ran OS/2 at that time (which had AFS and DFS clients). If we had a
significant amount of PC using a filemanager, we probably would have
split /:/home up more (for all I know they probably have now! I know
they're using SAMBA a lot more these days).
My understanding of the Michigan environment is that they have a huge
amount of SMB and Netatalk access of their filesystem. Different
story, different context. The distribution of platforms and protocols
are quite different.
BTW, you find that with SSO the registry namespace concerns start
getting just as tricky as the filepath namespace concerns. We had to
change our policy for someone's default group (e.g. putting them in
staff) because we found that the whole group membership list was passed
as per POSIX. We adopted a model where you received a username and
groupname that were the same "cc". (Like BSD does).
2. The /:/home/cc path existed only for interactive use and convenience.
Yes, it is a problem to browse (via a file manager) or list it. It's
also a problem to cd /afs && ls -lF, but you already know that!
There's nothing preventing you from indirecting the virtual view
further. (e.g. /:/home/c/c/cc or whatever. That way you get the best
of both worlds). This is probably what I would do today.
3. For data sharing, we used project directories and group ACL control.
We discouraged (by policy and quota) people from using their home
directories as share points. The intent was to differentiate between
personal and group data.
Of course, we were a commercial rather than an academic institution. We
had a much stricter set of business and legal requirements to retain and
manage project data. The legal reqs. being far more significant in the
business world than most in academia appreciate. (You can get called to
the carpet by a judge product design documents up to 7 yrs. after you've
announced).
--
Chris Cowan
