Solaris Trusted Extensions Installation and Configuration

Creating Home Directories in Trusted Extensions

In Trusted Extensions, users need access to their home directories at every label at which they work. Making every home directory available to the user requires that you create a multilevel home directory server, run the automounter on the server, and export the home directories. On the client side, you can run scripts to find the home directory for every zone for each user, or you can have the user log in to the home directory server.

Create the Home Directory Server in Trusted Extensions

Before You Begin

You must be superuser, in the root role, or in the Primary Administrator role.

  1. Install and configure the home directory server with Trusted Extensions software.
    • If you are cloning zones, make sure that you use a Solaris ZFS snapshot that has empty home directories.

    • Because users require a home directory at every label that they can log in to, create every zone that a user can log in to. For example, if you use the default label_encodings file, you would create a zone for the PUBLIC label.

  2. If you are using UFS and not Solaris ZFS, enable the NFS server to serve itself.
    1. In the global zone, modify the automount entry in the nsswitch.conf file.

      Use the trusted editor to edit the /etc/nsswitch.conf file. For the procedure, see How to Edit Administrative Files in Trusted Extensions in Solaris Trusted Extensions Administrator’s Procedures.

      automount: files
    2. In the global zone, run the automount command.
  3. For every labeled zone, follow the automount procedure in How to NFS Mount Files in a Labeled Zone in Solaris Trusted Extensions Administrator’s Procedures. Then, return to this procedure.
  4. Verify that the home directories have been created.
    1. Log out of the home directory server.
    2. As a regular user, log in to the home directory server.
    3. In the login zone, open a terminal.
    4. In the terminal window, verify that the user's home directory exists.
    5. Create workspaces for every zone that the user can work in.
    6. In each zone, open a terminal window to verify that the user's home directory exists.
  5. Log out of the home directory server.

Enable Users to Access Their Home Directories in Trusted Extensions

Users can initially log in to the home directory server to create a home directory that can be shared with other systems. To create a home directory at every label, each user must log in to the home directory server at every label.

Alternatively, you, as administrator, can create a script to create a mount point for home directories on each user's home system before the user first logs in. The script creates mount points at every label at which the user is permitted to work.

Before You Begin

The home directory server for your Trusted Extensions domain is configured.

  • Choose whether to allow direct login to the server, or whether to run a script.
    • Enable users to log in directly to the home directory server.
      1. Instruct each user to log in to the home directory server.

        After successful login, the user must log out.

      2. Instruct each user to log in again, and this time, to choose a different login label.

        The user uses the label builder to choose a different login label. After successful login, the user must log out.

      3. Instruct each user to repeat the login process for every label that the user is permitted to use.
      4. Instruct the users to log in from their regular workstation.

        Their home directory for their default label is available. When a user changes the label of a session or adds a workspace at a different label, the user's home directory for that label is mounted.

    • Write a script that creates a home directory mount point for every user, and run the script.
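      #!/bin/sh
      #
      # Create a home directory mount point under every labeled zone's
      # /export for each regular user (UID 100 and above).
      # zoneadm list -p prints only running zones; field 4 is the zone path.
      for zoneroot in `/usr/sbin/zoneadm list -p | cut -d ":" -f4` ; do
          # Skip the global zone, whose zone path is /.
          if [ "$zoneroot" != / ]; then
              prefix=$zoneroot/root/export

              # tr turns spaces into underscores so that each passwd
              # entry stays a single word in the for loop.
              for j in `getent passwd|tr ' ' _` ; do
                  uid=`echo "$j"|cut -d ":" -f3`
                  if [ "$uid" -ge 100 ]; then
                      gid=`echo "$j"|cut -d ":" -f4`
                      homedir=`echo "$j"|cut -d ":" -f6`
                      # Skip an empty or / home directory so that $prefix
                      # itself is never handed to an ordinary account.
                      case "$homedir" in
                      /?*)
                          # Mode 711: full access for the owner, traverse only for others.
                          mkdir -m 711 -p "$prefix$homedir"
                          chown "$uid:$gid" "$prefix$homedir"
                          ;;
                      esac
                  fi
              done
          fi
      done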
      1. From the global zone, run this script on the NFS server.
      2. Then, run this script on every multilevel desktop that the user is going to log in to.
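A check for the mount points that the script above is meant to leave behind, as an added example that is not part of the original guide. The function names `expected_mounts` and `audit_mounts` and the `MIN_UID` variable are hypothetical; the inputs are saved `zoneadm list -p` and `getent passwd` output, and accounts whose home directory is empty or `/` are assumed to need no mount point.

```sh
#!/bin/sh
# Added example (not from the original guide): audit home directory mount points.
# Inputs are files so the check runs offline: $1 = saved `zoneadm list -p`
# output, $2 = saved `getent passwd` output. MIN_UID is an assumed variable.
MIN_UID=${MIN_UID:-100}          # same threshold as the guide's script

# Print "uid:gid:path" for every mount point a labeled zone should have.
expected_mounts() {
    cut -d: -f4 "$1" | while read -r zoneroot; do
        case "$zoneroot" in ""|/) continue ;; esac    # skip the global zone
        while IFS=: read -r _n _p uid gid _c home _s; do
            [ "$uid" -ge "$MIN_UID" ] 2>/dev/null || continue
            # Assumption: an empty or "/" home needs no mount point.
            case "$home" in /?*) ;; *) continue ;; esac
            echo "$uid:$gid:$zoneroot/root/export$home"
        done < "$2"
    done
}

# $3 = prefix prepended to each path (empty on a live system).
# Prints one finding per line; returns non-zero if anything is wrong.
audit_mounts() {
    expected_mounts "$1" "$2" | (
        rc=0
        while IFS=: read -r uid gid path; do
            dir="$3$path"
            # A symlink here would redirect the user's home; report it as missing.
            if [ -h "$dir" ] || [ ! -d "$dir" ]; then
                echo "MISSING $dir"; rc=1; continue
            fi
            # Compare type and mode bits, numeric owner and numeric group.
            meta=$(ls -ldn "$dir" | awk '{print substr($1,1,10), $3, $4}')
            if [ "$meta" != "drwx--x--x $uid $gid" ]; then
                echo "WRONG $dir: $meta (want drwx--x--x $uid $gid)"; rc=1
            fi
        done
        exit $rc
    )
}
```

On a live system, run it from the global zone as `audit_mounts zones.txt passwd.txt ""` after saving the two command outputs to those files.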

 
 
  Published under the terms of the Public Documentation License Version 1.01.