
aashenfe's Journal: Musings about Linux #1

Journal by aashenfe
Musing about Linux.
These are just ideas that I think would be cool if implemented. They are ideas for Linux, but would probably apply to any Unix-like OS. I didn't spend a huge amount of time considering all the ramifications. They are just ideas, and not always complete ideas at that. I would like to try to implement some of these in the future, but I don't have the time or the skill right now, so it might never happen.

Idea #1 Roaming home directories
Allow all the info pertinent to a user account to be contained in the user's home directory.
So user info does not need to be in /etc/passwd, /etc/shadow or /etc/group.
This would be another authentication/account info option, like LDAP or winbind.

Implementation would be something like the following.

First, a file in /etc, say /etc/homepaths, would contain a list of folders that home directories would be found in.

Second, a dot folder (like .account) would exist in the user's home directory, and would be owned by a special login user (because of root squash).

Equivalents of the passwd, group and shadow files will exist in the .account folder, but only one entry will be allowed in each, and certain options won't make sense. For instance, the home directory should not be specified in passwd, but should be the directory .account resides in. The username will also always be the name of the home directory. Alias accounts could be created with symbolic links. Group info will be private group only. A createroaminguser utility could be created and would randomly pick a uid and gid when creating accounts, so that conflicts are highly improbable (Linux has 32-bit uids). Files for smbpasswd, netatalk and other such info could be added to the .account folder also.

When a user tries to log in, the directories in /etc/homepaths are scanned in the order listed for folders with the name of the user account. When such a folder is found, the .account folder is checked and used to determine the user information. The password is then checked against the equivalent of the shadow file. If the password is correct, the user is logged in with the home directory set to that home folder.

Also, /etc/grouppaths would contain paths to group folders. These folders would be like home directories for groups. A .gaccount folder would contain info for the group (gid, password, members, etc.). An added benefit is an automatic folder for members of a group to share files.

Why do this?
1. Simple way to share accounts across machines. (Just NFS mount, and add the path to /etc/homepaths. A lot simpler than LDAP or winbind.)
2. Simplify account management. Delete an account by deleting the folder, and that's it. Restoring accounts is almost as easy. Archive accounts by backing up the home directory.
3. Carry accounts around on a USB key or CD-ROM. Username, password and other info remain the same.
4. Reinstall the OS and have accounts automatically be available in the fresh install (preserve data on the /home mount).

Problems
1. I don't know how secure this will be. Encrypted passwords would be sent across the network for NFS. Any comments on security would be nice. Are there ways of making this more secure? (Encrypted NFS? Encrypted folder?)
2. Not as redundant as LDAP. Something like rsync can be used to make an online backup, but not realtime or close to realtime. No auto failover. Are there filesystems capable of replication (MySQL-like)?
3. Performance. Large systems with lots of users and groups might be a problem. Searching all the /etc/homepaths and /etc/grouppaths folders for gids and uids could take a while. (Caching? Indexes?)

Anyway, this is my first idea. So is it the crappiest idea ever, or is there some merit in it?

Let me know.
Adam
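
An added sketch of the lookup step described in the entry (not code from the journal's author): it resolves a username through an ordered list of home paths and applies checks an implementer would want before trusting a roaming .account folder. The `passwd` file name, the seven-field entry format, the `MIN_ID` floor, the name pattern and the fail-closed behaviour are assumptions; password verification is left out.

```python
import os, re, stat, tempfile

ACCOUNT_DIR = ".account"   # dot folder named in the journal entry
MIN_ID = 1000              # assumption: roaming accounts may not claim system uids/gids
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # assumption: conservative name policy

def read_single_entry(path):
    """Parse a passwd-style file that must hold exactly one entry; return (uid, gid) or None."""
    try:
        with open(path) as fh:
            lines = [ln.strip() for ln in fh if ln.strip()]
        fields = lines[0].split(":") if len(lines) == 1 else []
        return (int(fields[2]), int(fields[3])) if len(fields) == 7 else None
    except (OSError, ValueError):
        return None

def resolve_roaming_user(username, homepaths, login_uid):
    """Return (home, uid, gid) from the first homepath holding the user's folder, else None."""
    if not NAME_RE.fullmatch(username):        # rejects "../x", "a/b", "" before any path is built
        return None
    for base in homepaths:                     # scanned in the order listed
        home = os.path.join(base, username)
        if not os.path.isdir(home):            # follows symlinks, so alias accounts still work
            continue
        acct = os.path.join(home, ACCOUNT_DIR)
        try:
            st = os.lstat(acct)                # lstat: a symlinked .account is not followed
        except OSError:
            return None                        # folder found but no .account: fail closed
        if not stat.S_ISDIR(st.st_mode) or st.st_uid != login_uid or st.st_mode & 0o022:
            return None                        # wrong owner, or group/world writable
        ids = read_single_entry(os.path.join(acct, "passwd"))
        if ids is None or min(ids) < MIN_ID:   # malformed, multi-entry, or privileged ids
            return None
        return (home, *ids)
    return None

def make_account(base, name, entry, mode=0o700):
    """Build a constructed sample account folder for the demo."""
    acct = os.path.join(base, name, ACCOUNT_DIR)
    os.makedirs(acct)
    with open(os.path.join(acct, "passwd"), "w") as fh:
        fh.write(entry + "\n")
    os.chmod(acct, mode)

if __name__ == "__main__":
    root = tempfile.mkdtemp()                  # stands in for one /etc/homepaths entry
    make_account(root, "adam", "adam:x:48213:48213:Adam::/bin/bash")
    make_account(root, "mallory", "mallory:x:0:0:::/bin/sh")   # constructed: claims uid 0
    print(resolve_roaming_user("adam", [root], os.getuid()))
    print(resolve_roaming_user("mallory", [root], os.getuid()))
```

The uid/gid floor matters most for the USB key and NFS cases, where the contents of the account folder come from outside the machine doing the login.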