Solaris

Homedirectories

Joerg Moellenkamp
Joerg Moellenkamp

Even such venerable tools like useradd could use some extra features. In a recent SRU an option was added to set a default how the home directory is created. You have three options.

  • create is as a subdirectory
  • create it as an own zfs filesystem for the user
  • create it as an own zfs filesystem for the user and delegate the filesystem to the user.

Let’s try this out. When you chose yes, the home directory is created as it’s own home directory.

root@solaris:~# useradd -D -z yes
group=staff,10  project=default,3  basedir=/export/home
skel=/etc/skel  shell=/usr/bin/bash  inactive=0
expire=  auths=  roles=  profiles=  limitpriv=
defaultpriv=  lock_after_retries=  roleauth=
auth_profiles=  clearance=  min_label=  pam_policy=
project=  audit_flags=  access_times=  access_tz=
unlock_after=  tpd=  annotation=  zfshome=yes

Now i create a user with this defaults:

root@solaris:~# useradd -m userb

There is an own zfs filesystem for the homedirectory of user usera

root@solaris:/export/home# zfs list | grep "rpool/export/home/usera"
rpool/export/home/usera          35K     2G    35K  /export/home/usera

And if you check for the delegations, you will see that permissions have been passed to the user usera

root@solaris:/export/home# zfs allow rpool/export/home/usera
---- Permissions on rpool/export/home/usera -----------------------
Local+Descendent permissions:
        user usera create,mount,snapshot

Okay, now let’s try it with the setting nodelegation

root@solaris:~# useradd -D -z nodelegation
group=staff,10  project=default,3  basedir=/export/home
skel=/etc/skel  shell=/usr/bin/bash  inactive=0
expire=  auths=  roles=  profiles=  limitpriv=
defaultpriv=  lock_after_retries=  roleauth=
auth_profiles=  clearance=  min_label=  pam_policy=
project=  audit_flags=  access_times=  access_tz=
unlock_after=  tpd=  annotation=  zfshome=nodelegation

I create another user.

root@solaris:~# useradd -m userb

An own ZFS filesystem is still created.

root@solaris:/export/home# zfs list | grep "rpool/export/home/userb"
rpool/export/home/userb             35K     2G    35K  /export/home/userb

However when checking for delegations, there will be none.

root@solaris:~# zfs allow rpool/export/home/userb
root@solaris:~#

Okay. Last option to this setting. no tells the system not to create an ZFS filesystem for the user.

root@solaris:~# useradd -D -z no
group=staff,10  project=default,3  basedir=/export/home
skel=/etc/skel  shell=/usr/bin/bash  inactive=0
expire=  auths=  roles=  profiles=  limitpriv=
defaultpriv=  lock_after_retries=  roleauth=
auth_profiles=  clearance=  min_label=  pam_policy=
project=  audit_flags=  access_times=  access_tz=
unlock_after=  tpd=  annotation=  zfshome=no

Okay, yet another user.

root@solaris:~# useradd -m userc

There is no separate ZFS filesystem for this user.

root@solaris:~# zfs list | grep "userc"
root@solaris:~#

Instead the home directory has just been created as a normal directory.

root@solaris:/export/home# ls -l /export/home/ | grep userc
drwxr-xr-x   2 userc   staff          7 März  5 17:13 userc

And of course there are no delegations because there is no ZFS filesystem for this user.

Joerg Moellenkamp
Written by

Joerg Moellenkamp

Grey-haired, sometimes grey-bearded Windows dismissing Unix guy.

You may also like...

Solaris

Solaris 11: Network Condition Simulator

A long time ago i wrote about a driver for Opensolaris called `hitbox` or `htbx`. This driver enabled a Solaris system to simulate properties of a network li...

Solaris

Solaris 10/11: Account locking and passwordless SSH

One of the nice things about SSH is passwordless login. However that doesn't mean that passwords can't ruin your day. Let's assume you have an account on a s...

Solaris

Solaris 11.4 SRU 60: Sample separation in iostat

As i had quite a fight with a larger IKEA PAX closet for my bedroom, i hadn't quite the time to complete the ZFS retention article so far. Thus today a small...