Solved

Separate Linux home folders from data

Posted on 2006-07-17
Last Modified: 2013-12-16
In Windows, the roaming profile is completely separate from the user's home folder.  This allows for super-easy cleanup at the end of each college semester, where I can safely erase all the student profiles, but backup & store their home folders.  Also, as I update the default profile everyone receives, I know that each new semester when everyone logs in, they'll get a good, clean, updated profile.

Not so in Linux.

We're using Red Hat Enterprise Linux 4 (both server & clients).  By default, the user's home folder IS their profile store.  This makes it very difficult to ever update profiles or archive user data without including a bunch of profile junk.

Aside from creating a special mount point, or forcing students to only store real data in a special place (which I know they won't do), is there a way to separate home folders (~) from the profile store?  I'd like ~ to store only data the student actually put there, while the profile (dot files, browser cache, etc) to go somewhere else that can be wiped after each semester.

I was thinking that there might be some sort of env variable or something that would do the trick.

Thanks,
Matt
Question by:kemis
9 Comments
 
LVL 15

Accepted Solution

by:
DonConsolio earned 350 total points
ID: 17122349
there is no "roaming profile" or "registry" on linux you need to take care of :-)

if you want users to only write to a specific directory you could
- create a directory structure for your data ( e.g. /bigdisk/$year/$studentid/ ) and grant each user "rwx" to their own data dir
- only grant "rx" on /home/$year/$studentid/, populate with .profile, defaults, etc
- symlink /home/$year/$studentid/data --> /bigdisk/$year/$studentid/
- tell your students you will only backup the datadir
- only backup the datadir :-)
 
LVL 40

Assisted Solution

by:noci
noci earned 150 total points
ID: 17122651
The variable you're looking for is named HOME
which defaults to the setting of the home directory from /etc/passwd or LDAP equivalent.

The trouble is that users might end up in the profile after a blank 'cd' or 'cd ~',
as this variable is used to resolve that.


The user profile is mostly stored in hidden files/directories:
so a 'rm -rf ~user/.[A-Za-z0-9]*' will most probably remove all profile data.

 
LVL 40

Expert Comment

by:noci
ID: 17122700
Storing stuff in a predefined place can be force-fed,
by making their login directory read-only, with preinstalled
subdirectories per needed product, e.g.
make a .kde subdirectory writeable to them,
and make a data subdirectory writable to them
As they have no write access to the login / home directory
==> they can't rename anything there.

That should work for the most part.

Please indicate if you have more specific items.
 

Author Comment

by:kemis
ID: 17145568
It doesn't sound like there's a way in Linux to do what I was wanting...

So, the home folder is the profile store & there's no way around that aside from creating a special data store & forcing users to save there?

What would happen if the HOME variable was changed at logon?  I want ~ (or a blank cd) to be their data store, but how do most programs resolve where the profile store is?  Don't they just put that info in whatever the HOME variable happens to be?  If so, then changing the HOME variable wouldn't do much good, right?

Thanks so much for the help!

Matt
 
LVL 40

Expert Comment

by:noci
ID: 17146495
If you change the HOME variable, the ~ changes with it.
Also all programs that want to handle "profile" data use $HOME/<profile file-or-dir>  to access that file or directory.
Like you suggested, no solution in that direction.

btw ~ is resolved only on command lines by the shell and not necessarily on open & close windows etc.
Internally all programs use $HOME.

If you want to separate it you need to lockdown the login directory and leave subdirectories open.
The user should not have write access to the home directory (ie, cannot rename or create new files there).
A mode 555, 550 or 500 for the login directory will do that.
And create a "WORK" subdirectory with 7xx rights in the login directory to work in.
Many modern software "remembers" where they were the last time, as a courtesy you can make it
the default directory after logging on.

 
LVL 3

Expert Comment

by:bryanlloydharris
ID: 17164275
What about NIS for home folder, local-comp:/tmp for browser cache and disregard .bash{rc,_login,_profile,_logout} since it's only a few kilobytes anyway?
 

Author Comment

by:kemis
ID: 17164645
noci,

Thanks for the extra info regarding $HOME.  It helps a lot.  If I lockdown the user from the $HOME folder, though, then will new programs that try to create new dot folders/files be able to do so?

bryanlloydharris,

There are many other programs, etc, that put dot files/folder into $HOME than just browser cache.  My goal would be to separate all (or as much as possible) profile data that would be irrelevant a year from now from the user data that the students would need to browse for future portfolio projects, etc.

At this point, it appears as though forcing the students to only write to a particular folder within $HOME is the best approach in Linux.  I just want to be sure that setting 5xx perms on each user's home folder won't mess up anything else.

Thanks again to all!
Matt
 

Author Comment

by:kemis
ID: 17196605
Any more ideas since my last post?

Thanks,
Matt
 

Author Comment

by:kemis
ID: 17285173
It appears as though my original goal is somewhat impossible, although the idea of "forcefeeding" a data directory is growing on me.

Thank you for your help!  I certainly hope I was fair in my awarding of points.

Take care,
Matt
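
The locked login directory with writable subdirectories that noci describes earlier in the thread, plus a check for stray top-level entries, as an added example that is not part of the original posts. The function names are hypothetical, `.kde` and `WORK` are the subdirectory names used in the thread, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread: function names are hypothetical;
# .kde and WORK are the subdirectory names the thread itself uses.

# provision_home HOME_DIR [OWNER]
# Builds a mode-555 login directory containing writable subdirectories.
provision_home() {
    home=$1 owner=${2:-}
    mkdir -p "$home/WORK" "$home/.kde" || return 1
    chmod 700 "$home/WORK" "$home/.kde"
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        # Subdirectories belong to the student. The login directory itself
        # stays root-owned: a directory's owner can always chmod it, so a
        # student-owned 5xx directory could simply be made writable again.
        chown "$owner" "$home/WORK" "$home/.kde"
        chown root "$home"
    fi
    chmod 555 "$home"
}

# audit_home HOME_DIR
# Prints one finding per line; returns 0 if clean, 1 if there are findings.
audit_home() {
    home=$1 findings=0
    mode=$(stat -c %a "$home") || return 2   # GNU stat assumed
    case $mode in
        555|550|500) ;;                      # the modes named in the thread
        *) echo "home-mode:$mode"; findings=1 ;;
    esac
    for entry in "$home"/* "$home"/.[!.]*; do
        [ -e "$entry" ] || continue          # skip unmatched glob patterns
        case ${entry##*/} in
            WORK|.kde) ;;                    # the pre-created subdirectories
            *) echo "unexpected:${entry##*/}"; findings=1 ;;
        esac
    done
    return $findings
}

# Demo on a constructed directory tree (no root needed; chown is skipped).
demo=$(mktemp -d)
provision_home "$demo/student1"
audit_home "$demo/student1" && echo "student1: layout ok"
chmod 755 "$demo/student1"; rm -rf "$demo"
```

Running `audit_home` over every login directory before the end-of-semester backup shows which accounts have entries outside the pre-created subdirectories.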