Homedirectories

I feel obliged to point out that this blog post is roughly 5 years old. People change, opinions evolve. In just a few years, vast technological landscapes can shift. And don't get me started on config files. Please consider this text in the context of its time.

Even such venerable tools like useradd could use some extra features. In a recent SRU an option was added to set a default for how the home directory is created. You have three options.

Create it as a subdirectory.
Create it as its own ZFS filesystem for the user.
Create it as its own ZFS filesystem for the user and delegate the filesystem to the user.

Let’s try this out. When you choose yes, the home directory is created as its own ZFS filesystem.

root@solaris:~# useradd -D -z yes
group=staff,10  project=default,3  basedir=/export/home
skel=/etc/skel  shell=/usr/bin/bash  inactive=0
expire=  auths=  roles=  profiles=  limitpriv=
defaultpriv=  lock_after_retries=  roleauth=
auth_profiles=  clearance=  min_label=  pam_policy=
project=  audit_flags=  access_times=  access_tz=
unlock_after=  tpd=  annotation=  zfshome=yes

Now I create a user with these defaults:

root@solaris:~# useradd -m userb

There is its own ZFS filesystem for the home directory of user usera.

root@solaris:/export/home# zfs list | grep "rpool/export/home/usera"
rpool/export/home/usera          35K     2G    35K  /export/home/usera

And if you check for the delegations, you will see that permissions have been passed to the user usera.

root@solaris:/export/home# zfs allow rpool/export/home/usera
---- Permissions on rpool/export/home/usera -----------------------
Local+Descendent permissions:
        user usera create,mount,snapshot

Okay, now let’s try it with the setting nodelegation.

root@solaris:~# useradd -D -z nodelegation
group=staff,10  project=default,3  basedir=/export/home
skel=/etc/skel  shell=/usr/bin/bash  inactive=0
expire=  auths=  roles=  profiles=  limitpriv=
defaultpriv=  lock_after_retries=  roleauth=
auth_profiles=  clearance=  min_label=  pam_policy=
project=  audit_flags=  access_times=  access_tz=
unlock_after=  tpd=  annotation=  zfshome=nodelegation

I create another user.

root@solaris:~# useradd -m userb

Its own ZFS filesystem is still created.

root@solaris:/export/home# zfs list | grep "rpool/export/home/userb"
rpool/export/home/userb             35K     2G    35K  /export/home/userb

However when checking for delegations, there will be none.

root@solaris:~# zfs allow rpool/export/home/userb
root@solaris:~#

Okay. Last option for this setting. no tells the system not to create a ZFS filesystem for the user.

root@solaris:~# useradd -D -z no
group=staff,10  project=default,3  basedir=/export/home
skel=/etc/skel  shell=/usr/bin/bash  inactive=0
expire=  auths=  roles=  profiles=  limitpriv=
defaultpriv=  lock_after_retries=  roleauth=
auth_profiles=  clearance=  min_label=  pam_policy=
project=  audit_flags=  access_times=  access_tz=
unlock_after=  tpd=  annotation=  zfshome=no

Okay, yet another user.

root@solaris:~# useradd -m userc

There is no separate ZFS filesystem for this user.

root@solaris:~# zfs list | grep "userc"
root@solaris:~#

Instead the home directory has just been created as a normal directory.

root@solaris:/export/home# ls -l /export/home/ | grep userc
drwxr-xr-x   2 userc   staff          7 März  5 17:13 userc

And of course there are no delegations because there is no ZFS filesystem for this user.

Joerg Moellenkamp

Solaris 11.4 SRU 90: devnm -s

Solaris 11.4 SRU 90: Scan with pending free

Solaris 11.4 SRU 90: Losing your retention

c0t0d0s0.org

Recent posts

Nudging machines

Thoughts: Mond

Menu