1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • autofs for /home: exclude admin users

    From Felix Natter@21:1/5 to All on Mon Apr 1 09:00:01 2024
    hello debian-users,

    I configured autofs for /home:

    * -fstype=nfs,rw,soft,bg,intr SERVER:/share/&

    But now the login as "admin" does not work any more, since
    it tries to mount SERVER:/share/admin -> Is it possible to exclude
    a user from automounting?

    The workaround [1] I use is this:

    admin -fstype=nfs,rw,soft,bg,intr localhost:/export/admin_homes/&
    * -fstype=nfs,rw,soft,bg,intr SERVER:/share/&

    where /export/admin_homes/admin is just a normal directory.

    [1] https://serverfault.com/questions/245121/how-to-prevent-autofs-from-mounting-over-specific-directories

    Is this a valid solution? Will it work on Debian/Ubuntu/... also in the
    future?

    Many Thanks and Best Regards,
    Felix

    --
    Felix Natter
    debian/rules!

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Darac Marjal@21:1/5 to All on Mon Apr 1 11:20:01 2024
    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------z6pD3tBK0JhxiCaEweZ0NGkn
    Content-Type: multipart/alternative;
    boundary="------------FfHxfQibPM3B7y20QHdPmAVS"

    --------------FfHxfQibPM3B7y20QHdPmAVS
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    DQpPbiAwMS8wNC8yMDI0IDA3OjU1LCBGZWxpeCBOYXR0ZXIgd3JvdGU6DQo+IGhlbGxvIGRl Ymlhbi11c2VycywNCj4NCj4gSSBjb25maWd1cmVkIGF1dG9mcyBmb3IgL2hvbWU6DQo+DQo+ ICogLWZzdHlwZT1uZnMscncsc29mdCxiZyxpbnRyIFNFUlZFUjovc2hhcmUvJg0KSnVzdCB0 byBwb2ludCBvdXQgdGhhdCB0aGlzIGlzICIvc2hhcmUiLCBub3QgIi9ob21lIi4gWW91IG1p Z2h0IGhhdmUgc2V0IA0KdXNlcidzIGhvbWUgZGlyZWN0b3JpZXMgdG8gYmUgL3NoYXJlLzx1 c2VybmFtZT4sIGJ1dCB5b3UndmUgbm90IA0KbWVudGlvbmVkIHRoYXQgZXhwbGljaXRseS4N Cj4NCj4gQnV0IG5vdyB0aGUgbG9naW4gYXMgImFkbWluIiBkb2VzIG5vdCB3b3JrIGFueSBt b3JlLCBzaW5jZQ0KPiBpdCB0cmllcyB0byBtb3VudCBTRVJWRVI6L3NoYXJlL2FkbWluIC0+ IElzIGl0IHBvc3NpYmxlIHRvIGV4Y2x1ZGUNCj4gYSB1c2VyIGZyb20gYXV0b21vdW50aW5n Pw0KUHJvYmFibHkgdGhlIHNpbXBsZXN0IG1ldGhvZCBpcyB0byBlbnN1cmUgdGhhdCAiYWRt aW4iJ3MgaG9tZSBkaXJlY3RvcnkgDQppc24ndCBiZWxvdyAvc2hhcmUuIFlvdSBjb3VsZCBr ZWVwIHRoYXQgdW5kZXIgL2hvbWUsIG9yIG1ha2UgYSBuZXcgDQpmb2xkZXIsIGFzIHlvdSBw cmVmZXIuDQo+DQo+IFRoZSB3b3JrYXJvdW5kIFsxXSBJIHVzZSBpcyB0aGlzOg0KPg0KPiBh ZG1pbiAtZnN0eXBlPW5mcyxydyxzb2Z0LGJnLGludHIgbG9jYWxob3N0Oi9leHBvcnQvYWRt aW5faG9tZXMvJg0KPiAqIC1mc3R5cGU9bmZzLHJ3LHNvZnQsYmcsaW50ciBTRVJWRVI6L3No YXJlLyYNCj4NCj4gd2hlcmUgL2V4cG9ydC9hZG1pbl9ob21lcy9hZG1pbiBpcyBqdXN0IGEg bm9ybWFsIGRpcmVjdG9yeS4NCj4NCj4gWzFdDQo+IGh0dHBzOi8vc2VydmVyZmF1bHQuY29t L3F1ZXN0aW9ucy8yNDUxMjEvaG93LXRvLXByZXZlbnQtYXV0b2ZzLWZyb20tbW91bnRpbmct b3Zlci1zcGVjaWZpYy1kaXJlY3Rvcmllcw0KPg0KPiBJcyB0aGlzIGEgdmFsaWQgc29sdXRp b24/IFdpbGwgaXQgd29yayBvbiBEZWJpYW4vVWJ1bnR1Ly4uLiBhbHNvIGluIHRoZQ0KPiBm dXR1cmU/DQo+DQo+IE1hbnkgVGhhbmtzIGFuZCBCZXN0IFJlZ2FyZHMsDQo+IEZlbGl4DQpJ IHVzZSBGcmVlSVBBIHRvIG1hbmFnZSBteSBORlMgaG9tZSBkaXJlY3RvcmllcywgYW5kIEkn dmUgc2V0IG15IHVzZXJzIA0KdGhlcmUgdG8gaGF2ZSBob21lIGRpcmVjdG9yaWVzIHVuZGVy IC9ob21lL2lwYS88dXNlcm5hbWU+LiBUaGlzIG1lYW5zIA0KdGhhdCBub24tRnJlZUlQQSB1 c2VycyAoaS5lLiBpZiBJIG5lZWQgYSBtYWNoaW5lLW9ubHkgdXNlcikgaGF2ZSB0aGVpciAN CmhvbWVzIHVuZGVyIC9ob21lLzx1c2VybmFtZT4gd2hpY2ggaXNuJ3QgTkZTLW1vdW50ZWQu DQoNCg==
    --------------FfHxfQibPM3B7y20QHdPmAVS
    Content-Type: text/html; charset=UTF-8
    Content-Transfer-Encoding: quoted-printable

    <!DOCTYPE html>
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    </head>
    <body>
    <p><br>
    </p>
    <div class="moz-cite-prefix">On 01/04/2024 07:55, Felix Natter
    wrote:<br>
    </div>
    <blockquote type="cite"
    cite="mid:87sf05efmj.fsf@bitburger.home.felix">
    <pre class="moz-quote-pre" wrap="">hello debian-users,

    I configured autofs for /home:

    * -fstype=nfs,rw,soft,bg,intr SERVER:/share/&amp;</pre>
    </blockquote>
    Just to point out that this is "/share", not "/home". You might have
    set user's home directories to be /share/&lt;username&gt;, but
    you've not mentioned that explicitly.<br>
    <blockquote type="cite"
    cite="mid:87sf05efmj.fsf@bitburger.home.felix">
    <pre class="moz-quote-pre" wrap="">

    But now the login as "admin" does not work any more, since
    it tries to mount SERVER:/share/admin -&gt; Is it possible to exclude
    a user from automounting? </pre>
    </blockquote>
    Probably the simplest method is to ensure that "admin"'s home
    directory isn't below /share. You could keep that under /home, or
    make a new folder, as you prefer.<br>
    <blockquote type="cite"
    cite="mid:87sf05efmj.fsf@bitburger.home.felix">
    <pre class="moz-quote-pre" wrap="">

    The workaround [1] I use is this:

    admin -fstype=nfs,rw,soft,bg,intr localhost:/export/admin_homes/&amp;
    * -fstype=nfs,rw,soft,bg,intr SERVER:/share/&amp;

    where /export/admin_homes/admin is just a normal directory.

    [1]
    <a class="moz-txt-link-freetext" href="https://serverfault.com/questions/245121/how-to-prevent-autofs-from-mounting-over-specific-directories">https://serverfault.com/questions/245121/how-to-prevent-autofs-from-mounting-over-specific-directories</a>

    Is this a valid solution? Will it work on Debian/Ubuntu/... also in the
    future?

    Many Thanks and Best Regards,
    Felix
    </pre>
    </blockquote>
    I use FreeIPA to manage my NFS home directories, and I've set my
    users there to have home directories under
    /home/ipa/&lt;username&gt;. This means that non-FreeIPA users (i.e.
    if I need a machine-only user) have their homes under
    /home/&lt;username&gt; which isn't NFS-mounted.<br>
    <p><span style="white-space: pre-wrap">
    </span></p>
    </body>
    </html>

    --------------FfHxfQibPM3B7y20QHdPmAVS--

    --------------z6pD3tBK0JhxiCaEweZ0NGkn--

    -----BEGIN PGP SIGNATURE-----

    wsF5BAABCAAjFiEEaJ2XU/5QawksHjUq5unkJUjJEucFAmYKe0oFAwAAAAAACgkQ5unkJUjJEucY cQ/+NghkM63XPOcTr9eGtqQgZJ1mEz+JA4XH8ae/L1krStr/mG/dIgBeYTMHqttuP/LhetEcUu6n EROsNqYXWp/+Qb6Rha5FpGZBQc4frgvSIS4GnTEtzSuCGuB/pF8bvqR4HTDdQcITt60EvpZUc1Lv +yK9fVMq8o94G4SE5PbjRfDjG8ClNXYbcJzfudHOF12IIKUz+ITB+hrPbZr0e4OZAC431eX/eI6C eu/a7rJWLaparcF4WVM32w0BlPWuWbqDZVRGAtcN7KtjwafIuh6xVOZQP1BF3sve1++i5by4VQ6V kk7gtxRGH3W8szqja8yO28e85f3fl+O2aMI8s3mf8bhY4V8Mgs/kN9uxP4YSq9QwcwRurR3P6ZFs uLlbXEpTij6unqfJbyU+RjhmHqNevDd1dxOhjRaPG/EYfrzJXkM/gQbmlDNwOxBY8a27mC9Qct+e tWGWizeqZ6/ajaBCN9ME9KqrwaBD4Py1LJcEaB1U8cOp3Cxbbipcl5lYgRnzL7JlXLENDeyDLnRe bUrL/XozPyZcdTUvdzUY2fbFHH4KYYJnMLQupQU1Biwzxmybe0f4daMhwgQ8l7+tb34AwG+SHhLe 9FFh3eC+286J0/aXBP23yuJUPKCU3hl/ZGJshy6RaqD25gB73cTvbagdDY21OK29sTdh+sfc5RnR ac0=
    =6rNU
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Felix Natter@21:1/5 to Darac Marjal on Sat Apr 6 09:50:46 2024
    hallo Darac,

    Darac Marjal <mailinglist@darac.org.uk> writes:
    On 01/04/2024 07:55, Felix Natter wrote:

    hello debian-users,

    I configured autofs for /home:

    * -fstype=nfs,rw,soft,bg,intr SERVER:/share/&

    Just to point out that this is "/share", not "/home". You might have set user's home directories to be /share/<username>, but you've not mentioned that
    explicitly.

    you interpreted this wrongly: The whole config is for /home (defined in /etc/auto.home and /etc/auto.misc or similar). The * means "any
    username", and the right hand side is saying "mount SERVER:/share/$1 as /home/$1" using NFS.

    But now the login as "admin" does not work any more, since
    it tries to mount SERVER:/share/admin -> Is it possible to exclude
    a user from automounting?

    Probably the simplest method is to ensure that "admin"'s home directory isn't below /share. You could keep that under /home, or make a new folder, as you
    prefer.

    Ok, that is an idea: Change /etc/passwd so that "admin" gets the home
    from /export/admins/admin. The (small) downside is that I potentially need
    to do this for every admin around (In my "workaround" I can make
    /etc/auto.home executable and use bash's wildcard matching).

    The workaround [1] I use is this:

    admin -fstype=nfs,rw,soft,bg,intr localhost:/export/admin_homes/&
    * -fstype=nfs,rw,soft,bg,intr SERVER:/share/&

    where /export/admin_homes/admin is just a normal directory.

    [1] https://serverfault.com/questions/245121/how-to-prevent-autofs-from-mounting-over-specific-directories

    Is this a valid solution? Will it work on Debian/Ubuntu/... also in the future?

    Since I already did it that way: Can somebody please tell me whether my "workaround" is valid?

    I use FreeIPA to manage my NFS home directories, and I've set my users there to have home directories under /home/ipa/<username>. This means that
    non-FreeIPA users (i.e. if I need a machine-only user) have their homes under /home/<username> which isn't NFS-mounted.

    Yes, thanks (this is similar to your suggestion above). I would have do
    it the other way around, i.e. keep the homes in /home, as users' Homes
    depend on it.

    Many Thanks and Best Regards,
    Felix
    --
    Felix Natter
    debian/rules!

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)