Michael Jinks wrote:
[getting a bit OT for Sun Ray, but the thread started here so...]

Okay, I remember now why I didn't use an executable map to begin with; I
can't figure out how to call it for our setup.

Our home directories live on an NFS server, as individual per-user ZFS
filesystems, and we use the automounter to mount the shares.  So we
already have entries in auto_master which look something like:

  /nfs/path/to/home0    /etc/auto.nfs.map       -nobrowse

Those homes don't exist on the server by default; the plan is to create
them the first time a user logs in, export them, and then let the
automounter do its usual thing.  We have the logic for that all worked
out, and we want to call the script which triggers the home
create-and-export process on the server during user login.

The examples I've found for executable maps seem to assume that
either we mount the directory from nfs, OR we create it locally; I don't
see any use cases where we would both call an executable map and manage
a directory using the automounter.  Would I just add the executable map
alongside the existing map?  Say, alter the above to the following?

  /nfs/path/to/home0    /etc/auto_home_create.sh
  /nfs/path/to/home0    /etc/auto.nfs.map       -nobrowse

This seems ambiguous.


No, you can't do that. You will configure only the executable map. That executable will not mount anything itself. It just prints the mount arguments the automounter will use to mount the directory, i.e. the data that would be in your existing map. Before returning it can do anything it needs to do to prepare that mount.

I have used this in a case similar to yours: The executable automounter map first checked whether the NFS directory already exists. If it was missing it checked whether the passed in mount name was a valid and eligible user account. If that was the case it created the directory. Parts of the functionality ran on the NFS server (via ssh with private key authentication to a suitably privileged account).

This way the directory will be created the first time it is *accessed*.

It is difficult to guarantee that this happens only at first login. In fact at one time we encountered a misbehaving application that apparently attempted to access the home directories of all users in the passwd name service. That left us with a huge amount of near-empty (just a copied skeleton) home directories of users who'd never use this particular system. I added stricter eligibility checks after that.

Your executable map can not print a mount line and exit with an exit code, if it encounters an invalid or ineligible user name.

Also, how do I pass an argument to my executable map to tell the server
which directory to create?  In PAM, we have tokens like "%u" which
expand to the user name being authenticated; is there some similar
facility in the automounter?  In the example Meik linked, I see:

  hdir=$(echo ~$1)

This implies that the executable map is called with the authenticating
user name as $1, is that the case?


Yes. The automounter 'key' is passed in. If you configure

    /import/home  /etc/my_auto_homes.sh

then an attempt to access /import/home/someuser will call '/etc/my_auto_homes.sh someuser'. There is no guarantee that the argument is a valid user name. I know of one IDE that regularly attempts to open $HOME/../.svn, causing calls '/etc/my_auto_homes.sh .svn'. You need to filter these out yourself.

- Jörg

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
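
A sketch of the kind of executable map described in this thread, added here as an example and not the script either poster used: it filters the key, checks eligibility, and only then triggers the server-side create step and prints the map entry. The server name, export root, UID threshold, ssh key path, `mkhome` account, the lowercase-only name rule and the `nosuid` option are all assumptions.

```shell
#!/bin/sh
# Added example: executable automounter map that filters keys before any side effect.
# NFS_SERVER, EXPORT_ROOT, MIN_UID, the ssh key path and the mkhome account are
# hypothetical placeholders, not values from the thread.
LC_ALL=C; export LC_ALL
NFS_SERVER="${NFS_SERVER:-nfs.example.com}"
EXPORT_ROOT="${EXPORT_ROOT:-/export/home0}"
MIN_UID="${MIN_UID:-1000}"

# Reject anything that is not a plain lowercase account name (.svn, ../x, -opt, a/b).
valid_key() {
    case "$1" in
        ''|.*|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the numeric uid for an account, or nothing if it is unknown.
lookup_uid() { getent passwd "$1" | cut -d: -f3; }

# Eligibility check: the account must exist and must not be a system account.
eligible_user() {
    uid=$(lookup_uid "$1")
    case "$uid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$uid" -ge "$MIN_UID" ]
}

# Ask the server to create and export the home if missing (assumed to be an
# idempotent forced command bound to this key on the server side).
ensure_home() {
    ssh -o BatchMode=yes -i /etc/automap_id "mkhome@$NFS_SERVER" "$1" </dev/null >/dev/null
}

# Print the map entry for key $1, or print nothing and fail.
map_entry() {
    valid_key "$1" || return 1
    eligible_user "$1" || return 1
    ensure_home "$1" || return 1
    printf '%s\n' "-rw,nosuid $NFS_SERVER:$EXPORT_ROOT/$1"
}

# The automounter passes the key as $1; with no argument, do nothing.
if [ "$#" -gt 0 ]; then
    map_entry "$1"
    exit $?
fi
```

Because the key is validated before it reaches ssh or the printed location, stray lookups such as `.svn` never cause a home to be created on the server.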
