I am currently running K12LTSP on CentOS 5, which is working well but without sound on most machines (OK, all). So in order to remedy this and the CD-burning issue I have decided to try to install CentOS locally on one machine and then apply the personalizations via NFS.
Steps: I edited /etc/exports to export the /home dir as per the NFS howto, and that seemed to work, as the user homes were mounted in the correct place after an edit to my /etc/fstab: "192.168.0.254:/home /mnt/home nfs rw,hard,intr 0 0" good :)
Then I started adding users. I added one user and did not create a /home/user directory; instead I pointed the home folder to /mnt/home/user.
But when I try to login as that user I got the dreaded: "User's $HOME/.dmrc file is being ignored. This prevents the default session and languages from being saved. File should be owned by user and have 644 Permissions. User's $HOME directory must be owned by user and not writable by other users."
So I looked into the permissions and this is what I see serverside:
    [root@LTSP ~]# ls -al /home
    total 64
    drwxr-xr-x  8 root    root    4096 Sep 15 23:13 .
    drwxr-xr-x 24 root    root    4096 Sep 22 17:45 ..
    drwx------ 27 ainsley ainsley 4096 Sep 23 19:13 ainsley
    drwx------ 31 Dan     Dan     4096 Sep 24 21:42 Dan
    drwx------ 27 darren  darren  4096 Sep 23 18:17 darren
    drwx------ 33 devin   devin   4096 Sep 24 07:28 devin
    drwx------ 22 kristi  kristi  4096 Sep 24 21:35 kristi
    drwx------ 21 landen  landen  4096 Sep 24 21:14 landen
BUT when I look at the /mnt/home listing I see a completely different set of permissions:
    drwxr-xr-x  8 root   root   4096 Sep 15 23:13 .
    drwxr-xr-x 24 root   root   4096 Sep 22 17:45 ..
    drwx------ 27 devin  devin  4096 Sep 23 19:13 ainsley
    drwx------ 31 Dan    Dan    4096 Sep 24 21:42 Dan
    drwx------ 27 kristi kristi 4096 Sep 23 18:17 darren
    drwx------ 33 503    503    4096 Sep 24 07:28 devin
    drwx------ 22 504    504    4096 Sep 24 21:35 kristi
    drwx------ 21 505    505    4096 Sep 24 21:14 landen
The ones in bold are definitely wrong, and I have no idea how they are being set, unless it is because they are not accounts on the test machine yet, but then neither is the "landen" account and that one has the correct permissions, sort of.... The user numbers are correct for the user names, by the way.
Anyone have any ideas?
Thanks! Dan
Quoting Dan likuidkewl@gmail.com:
But when I try to login as that user I got the dreaded: "User's $HOME/.dmrc file is being ignored. This prevents the default session and languages from being saved. File should be owned by user and have 644 Permissions. User's $HOME directory must be owned by user and not writable by other users."
So I looked into the permissions and this is what I see serverside:
    [root@LTSP ~]# ls -al /home
    total 64
    drwxr-xr-x  8 root    root    4096 Sep 15 23:13 .
    drwxr-xr-x 24 root    root    4096 Sep 22 17:45 ..
    drwx------ 27 ainsley ainsley 4096 Sep 23 19:13 ainsley
    drwx------ 31 Dan     Dan     4096 Sep 24 21:42 Dan
    drwx------ 27 darren  darren  4096 Sep 23 18:17 darren
    drwx------ 33 devin   devin   4096 Sep 24 07:28 devin
    drwx------ 22 kristi  kristi  4096 Sep 24 21:35 kristi
    drwx------ 21 landen  landen  4096 Sep 24 21:14 landen
BUT when I look at the /mnt/home listing I see a completely different set of permissions:
    drwxr-xr-x  8 root   root   4096 Sep 15 23:13 .
    drwxr-xr-x 24 root   root   4096 Sep 22 17:45 ..
    drwx------ 27 devin  devin  4096 Sep 23 19:13 ainsley
    drwx------ 31 Dan    Dan    4096 Sep 24 21:42 Dan
    drwx------ 27 kristi kristi 4096 Sep 23 18:17 darren
    drwx------ 33 503    503    4096 Sep 24 07:28 devin
    drwx------ 22 504    504    4096 Sep 24 21:35 kristi
    drwx------ 21 505    505    4096 Sep 24 21:14 landen
The ones in bold are definitely wrong, and I have no idea how they are being set, unless it is because they are not accounts on the test machine yet, but then neither is the "landen" account and that one has the correct permissions, sort of.... The user numbers are correct for the user names, by the way.
NFS uses the user ID of the user (UID) for permissions. You will need to have the correct permissions on each system, and the correct username associated with the same UID on each machine.
If you are running multiple systems, I would suggest looking into NIS. This will allow you to create the accounts in NIS and have them use the same details on each machine.
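An added example, not part of the original thread: a check for the name/UID disagreement the reply above describes, run against copies of the server's and the client's passwd files. The function name, the 500 cutoff for system accounts and the sample UIDs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts whose name/UID pairing differs between an
# NFS server and a client. Both arguments are passwd-format files.

# uid_mismatches SERVER_PASSWD CLIENT_PASSWD [MIN_UID]
#   MISMATCH name server_uid client_uid    same name, different UID
#   COLLISION uid server_name client_name  same UID, different name
# MIN_UID defaults to 500 to skip system accounts (an assumption; adjust).
uid_mismatches() {
    awk -F: -v min="${3:-500}" '
        $3 + 0 < min + 0 { next }
        NR == FNR { suid[$1] = $3; sname[$3] = $1; next }   # first file = server
        ($1 in suid) && suid[$1] != $3 { print "MISMATCH", $1, suid[$1], $3 }
        ($3 in sname) && sname[$3] != $1 { print "COLLISION", $3, sname[$3], $1 }
    ' "$1" "$2"
}

# Runs the check on constructed sample files (UIDs are illustrative only).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/server.passwd" <<'EOF'
ainsley:x:500:500::/home/ainsley:/bin/bash
Dan:x:501:501::/home/Dan:/bin/bash
darren:x:502:502::/home/darren:/bin/bash
devin:x:503:503::/home/devin:/bin/bash
kristi:x:504:504::/home/kristi:/bin/bash
landen:x:505:505::/home/landen:/bin/bash
EOF
    cat > "$tmp/client.passwd" <<'EOF'
Dan:x:501:501::/mnt/home/Dan:/bin/bash
devin:x:500:500::/mnt/home/devin:/bin/bash
kristi:x:502:502::/mnt/home/kristi:/bin/bash
EOF
    uid_mismatches "$tmp/server.passwd" "$tmp/client.passwd"
    rm -rf "$tmp"
}

demo
```

A COLLISION line is the case where one user's files appear owned by another user on the client, so that account can read and write a home directory that is mode 700 for someone else on the server.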
On Monday 24 September 2007, Steven Haigh wrote:
Quoting Dan likuidkewl@gmail.com: NFS uses the user ID of the user (UID) for permissions. You will need to have the correct permissions on each system, and the correct username associated with the same UID on each machine.
If you are running multiple systems, I would suggest looking into NIS. This will allow you to create the accounts in NIS and have them use the same details on each machine.
Good answer but I can't agree on the NIS part.. NIS is plain text over the network and is deprecated for a long time. Sun is talking about dropping support, HP the same and even in the Linux camp there is some talk about taking NIS support out of the standard distributions. Add to that the fact that ldap is becoming easier and easier to set up, you should probably look that way...
Peter.
Peter Arremann wrote:
Good answer but I can't agree on the NIS part.. NIS is plain text over the network and is deprecated for a long time. Sun is talking about dropping support, HP the same and even in the Linux camp there is some talk about taking NIS support out of the standard distributions. Add to that the fact that ldap is becoming easier and easier to set up, you should probably look that way...
Peter.
_______________________________________________
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
There are many alternatives to NIS that are more secure (Kerberos, LDAP, 411, etc.) that you should investigate. RHEL 5 includes RedHat Directory Server (IIRC), which makes it easy to set up an LDAP server and administer it.
James A. Peltier wrote:
There are many alternatives to NIS that are more secure (Kerberos, LDAP, 411, etc.) that you should investigate. RHEL 5 includes RedHat Directory Server (IIRC), which makes it easy to set up an LDAP server and administer it.
Kerberos only does authentication and not authorization, so it only provides 1/2 (or 1/3) of the AAA puzzle. You still need some authorization service such as LDAP or NIS or 411 to provide the authorization information and it is not secure to house or provide authentication information in NIS or LDAP or 411, though a lot of people use LDAP to house Heimdal Kerberos secrets it is not considered a fully secure implementation.
-Ross
Good answer but I can't agree on the NIS part.. NIS is plain text over the network and is deprecated for a long time. Sun is talking about dropping support, HP the same and even in the Linux camp there is some talk about taking NIS support out of the standard distributions. Add to that the fact that ldap is becoming easier and easier to set up, you should probably look that way...
Peter.
I could not agree more. NIS must die. Use LDAP. There is no reason to use NIS or NIS+ in the enterprise. Google will provide plenty of good results to integrate NFS with OpenLDAP and automount.
Joy
Peter Arremann wrote:
Good answer but I can't agree on the NIS part.. NIS is plain text over the network and is deprecated for a long time. Sun is talking about dropping support, HP the same and even in the Linux camp there is some talk about taking NIS support out of the standard distributions. Add to that the fact that ldap is becoming easier and easier to set up, you should probably look that way...
NIS doesn't have to contain passwords, you can use Kerberos for authentication and still use NIS for user information, if you are worried about user names and uids going across in the clear you can use NIS+ and TLS.
Improperly secured LDAP can have the same security issues as NIS.
I would use whichever method works best for you, NIS or LDAP. You will find that a lot of the LDAP implementations are highly customized to each site, so figuring out what to use and what not to use can be a challenge, while NIS is pretty much standardized.
I would use Kerberos for passwords though irrespective of the choice to use LDAP or NIS.
-Ross
Thanks for all the suggestions! As this is for a simple home rollout ldap and NIS are a little over the top. If it were a big picture item I would definitely choose ldap.
I found in order for this to work I had to cp the /etc/passwd and /etc/group to the local machine that is connecting to the NFS server share.
Again thanks for all the info!
Dan
On 9/25/07, Ross S. W. Walker rwalker@medallion.com wrote:
Peter Arremann wrote:
Good answer but I can't agree on the NIS part.. NIS is plain text over the network and is deprecated for a long time. Sun is talking about dropping support, HP the same and even in the Linux camp there is some talk about taking NIS support out of the standard distributions. Add to that the fact that ldap is becoming easier and easier to set up, you should probably look that way...
NIS doesn't have to contain passwords, you can use Kerberos for authentication and still use NIS for user information, if you are worried about user names and uids going across in the clear you can use NIS+ and TLS.
Improperly secured LDAP can have the same security issues as NIS.
I would use whichever method works best for you, NIS or LDAP. You will find that a lot of the LDAP implementations are highly customized to each site, so figuring out what to use and what not to use can be a challenge, while NIS is pretty much standardized.
I would use Kerberos for passwords though irrespective of the choice to use LDAP or NIS.
-Ross