Solved

Separate Linux home folders from data

Posted on 2006-07-17
Last Modified: 2013-12-16
In Windows, the roaming profile is completely separate from the user's home folder.  This allows for super-easy cleanup at the end of each college semester, where I can safely erase all the student profiles, but backup & store their home folders.  Also, as I update the default profile everyone receives, I know that each new semester when everyone logs in, they'll get a good, clean, updated profile.

Not so in Linux.

We're using Red Hat Enterprise Linux 4 (both server & clients).  By default, the user's home folder IS their profile store.  This makes it very difficult to ever update profiles or archive user data without including a bunch of profile junk.

Aside from creating a special mount point, or forcing students to only store real data in a special place (which I know they won't do), is there a way to separate home folders (~) from the profile store?  I'd like ~ to store only data the student actually put there, while the profile (dot files, browser cache, etc) to go somewhere else that can be wiped after each semester.

I was thinking that there might be some sort of env variable or something that would do the trick.

Thanks,
Matt
0
Question by:kemis
9 Comments
 
LVL 15

Accepted Solution

by:
DonConsolio earned 350 total points
ID: 17122349
there is no "roaming profile" or "registry" on linux you need to take care of :-)

if you want users to only write to a specific directory you could
- create a directory structure for your data ( e.g. /bigdisk/$year/$studentid/ ) and grant each user "rwx" to their own data dir
- only grant "rx" on /home/$year/$studentid/, populate with .profile, defaults, etc
- symlink /home/$year/$studentid/data --> /bigdisk/$year/$studentid/
- tell your students you will only backup the datadir
- only backup the datadir :-)
0
 
LVL 40

Assisted Solution

by:noci
noci earned 150 total points
ID: 17122651
The variable you're looking for is named HOME
which defaults to the setting of the home directory from /etc/passwd or LDAP equivalent.

The trouble is that users might end up in the profile after a blank 'cd' or 'cd ~',
as this variable is used to resolve that.


The user profile is mostly stored in hidden files/directories:
so a 'rm -rf ~user/.[A-Za-z0-9]*' will most probably remove all profile data.

0
 
LVL 40

Expert Comment

by:noci
ID: 17122700
Storing stuff in a predefined place can be force-fed,
by making their login directory read-only, with pre-installed
subdirectories per needed product. f.e.
make a .kde subdirectory writeable to them,
and make a data subdirectory writable to them
As they have no write access to the login / home directory
==> they can't rename anything there.

That should work for the most part.

Please indicate if you have more specific items.
0
 

Author Comment

by:kemis
ID: 17145568
It doesn't sound like there's a way in Linux to do what I was wanting...

So, the home folder is the profile store & there's no way around that aside from creating a special data store & forcing users to save there?

What would happen if the HOME variable was changed at logon?  I want ~ (or a blank cd) to be their data store, but how do most programs resolve where the profile store is?  Don't they just put that info in whatever the HOME variable happens to be?  If so, then changing the HOME variable wouldn't do much good, right?

Thanks so much for the help!

Matt
0
 
LVL 40

Expert Comment

by:noci
ID: 17146495
If you change the HOME variable, the ~ changes with it.
Also all programs that want to handle "profile" data use $HOME/<profile file-or-dir>  to access that file or directory.
As you suggested, there is no solution in that direction.

btw ~ is resolved only on command lines by the shell and not necessarily on open & close windows etc.
Internally all programs use $HOME.

If you want to separate it you need to lockdown the login directory and leave subdirectories open.
The user should not have write access to the home directory (ie, cannot rename or create new files there).
A mode 555, 550 or 500 for the login directory will do that.
And create a "WORK" subdirectory with 7xx rights in the login directory to work in.
Many modern programs "remember" where they were the last time; as a courtesy you can make it
the default directory after logging on.

0
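The layout DonConsolio and noci describe above (read-only login directory, writable data directory, pre-created writable profile subdirectories), sketched as an added example that is not part of the original thread. The function names, the scratch paths and the list of profile directories are assumptions; ownership changes, which need root, are left out.

```shell
#!/bin/sh
# Added example: locked login directory with writable data and profile dirs.
# Caveat: the owner of a directory can always chmod it writable again, so in
# a real deployment the login directory itself would be owned by root and
# only the subdirectories by the student (chown is omitted: it needs root).

# make_student_home HOME_ROOT DATA_ROOT YEAR STUDENTID  (roots must be absolute)
make_student_home() {
    home="$1/$3/$4"
    data="$2/$3/$4"
    mkdir -p "$home" "$data"
    chmod u+w "$home"                 # allow re-running on a locked directory
    chmod 700 "$data"                 # rwx for the student on the data store
    # Profile directories the student may write to (this list is an assumption).
    for d in .kde .mozilla; do
        mkdir -p "$home/$d"
        chmod 700 "$home/$d"
    done
    rm -f "$home/data"
    ln -s "$data" "$home/data"        # ~/data --> /bigdisk/$year/$studentid
    chmod 555 "$home"                 # r-x only: no new entries, no renames
}

# reset_profile HOME_ROOT DATA_ROOT YEAR STUDENTID
# End-of-semester cleanup: drop every dot entry, keep the data store.
reset_profile() {
    home="$1/$3/$4"
    chmod u+w "$home"
    find "$home" -mindepth 1 -maxdepth 1 -name '.*' -exec rm -rf {} +
    make_student_home "$@"
}

# Demo in a scratch directory (constructed paths, no root needed).
demo=$(mktemp -d)
make_student_home "$demo/home" "$demo/bigdisk" 2006 s1001
ls -la "$demo/home/2006/s1001"
```

Programs that try to create a new dot file directly in the locked directory will fail, so the pre-created list has to cover the applications installed on the clients.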
 
LVL 3

Expert Comment

by:bryanlloydharris
ID: 17164275
What about NIS for home folder, local-comp:/tmp for browser cache and disregard .bash{rc,_login,_profile,_logout} since it's only a few kilobytes anyway?
0
 

Author Comment

by:kemis
ID: 17164645
noci,

Thanks for the extra info regarding $HOME.  It helps a lot.  If I lockdown the user from the $HOME folder, though, then will new programs that try to create new dot folders/files be able to do so?

bryanlloydharris,

There are many other programs, etc, that put dot files/folder into $HOME than just browser cache.  My goal would be to separate all (or as much as possible) profile data that would be irrelevant a year from now from the user data that the students would need to browse for future portfolio projects, etc.

At this point, it appears as though forcing the students to only write to a particular folder within $HOME is the best approach in Linux.  I just want to be sure that setting 5xx perms on each user's home folder won't mess up anything else.

Thanks again to all!
Matt
0
 

Author Comment

by:kemis
ID: 17196605
Any more ideas since my last post?

Thanks,
Matt
0
 

Author Comment

by:kemis
ID: 17285173
It appears as though my original goal is somewhat impossible, although the idea of "forcefeeding" a data directory is growing on me.

Thank you for your help!  I certainly hope I was fair in my awarding of points.

Take care,
Matt
0
