Solaris

Homedirectories

Joerg Moellenkamp
Joerg Moellenkamp
2 minutes to read
 

Even such venerable tools like useradd could use some extra features. In a recent SRU an option was added to set a default how the home directory is created. You have three options.

  • create is as a subdirectory
  • create it as an own zfs filesystem for the user
  • create it as an own zfs filesystem for the user and delegate the filesystem to the user.

Let’s try this out. When you chose yes, the home directory is created as it’s own home directory.

root@solaris:~# useradd -D -z yes
group=staff,10  project=default,3  basedir=/export/home
skel=/etc/skel  shell=/usr/bin/bash  inactive=0
expire=  auths=  roles=  profiles=  limitpriv=
defaultpriv=  lock_after_retries=  roleauth=
auth_profiles=  clearance=  min_label=  pam_policy=
project=  audit_flags=  access_times=  access_tz=
unlock_after=  tpd=  annotation=  zfshome=yes

Now i create a user with this defaults:

root@solaris:~# useradd -m userb

There is an own zfs filesystem for the homedirectory of user usera

root@solaris:/export/home# zfs list | grep "rpool/export/home/usera"
rpool/export/home/usera          35K     2G    35K  /export/home/usera

And if you check for the delegations, you will see that permissions have been passed to the user usera

root@solaris:/export/home# zfs allow rpool/export/home/usera
---- Permissions on rpool/export/home/usera -----------------------
Local+Descendent permissions:
        user usera create,mount,snapshot

Okay, now let’s try it with the setting nodelegation

root@solaris:~# useradd -D -z nodelegation
group=staff,10  project=default,3  basedir=/export/home
skel=/etc/skel  shell=/usr/bin/bash  inactive=0
expire=  auths=  roles=  profiles=  limitpriv=
defaultpriv=  lock_after_retries=  roleauth=
auth_profiles=  clearance=  min_label=  pam_policy=
project=  audit_flags=  access_times=  access_tz=
unlock_after=  tpd=  annotation=  zfshome=nodelegation

I create another user.

root@solaris:~# useradd -m userb

An own ZFS filesystem is still created.

root@solaris:/export/home# zfs list | grep "rpool/export/home/userb"
rpool/export/home/userb             35K     2G    35K  /export/home/userb

However when checking for delegations, there will be none.

root@solaris:~# zfs allow rpool/export/home/userb
root@solaris:~#

Okay. Last option to this setting. no tells the system not to create an ZFS filesystem for the user.

root@solaris:~# useradd -D -z no
group=staff,10  project=default,3  basedir=/export/home
skel=/etc/skel  shell=/usr/bin/bash  inactive=0
expire=  auths=  roles=  profiles=  limitpriv=
defaultpriv=  lock_after_retries=  roleauth=
auth_profiles=  clearance=  min_label=  pam_policy=
project=  audit_flags=  access_times=  access_tz=
unlock_after=  tpd=  annotation=  zfshome=no

Okay, yet another user.

root@solaris:~# useradd -m userc

There is no separate ZFS filesystem for this user.

root@solaris:~# zfs list | grep "userc"
root@solaris:~#

Instead the home directory has just been created as a normal directory.

root@solaris:/export/home# ls -l /export/home/ | grep userc
drwxr-xr-x   2 userc   staff          7 März  5 17:13 userc

And of course there are no delegations because there is no ZFS filesystem for this user.

Joerg Moellenkamp
Written by

Joerg Moellenkamp

Grey-haired, sometimes grey-bearded Windows dismissing Unix guy.

You may also like...

Solaris republished Security

Only one time - revisited

Configuring one time passwords more broadly in Solaris 11.4

Solaris republished Security

Only one time

Configuring one time passwords for SSH with Solaris 11.4

Solaris Zones

Solaris 11.4 SRU 81: Virtual PID for init and zshed

New PIDs for init and zshed in the NGZ