Mac Thread, Adding new Home share in Technical; At present, all my users home folders are contained within the same "MacHomes" folder on the server.
This means that ...
1st February 2010, 07:07 PM #1
Adding new Home share
At present, all my users home folders are contained within the same "MacHomes" folder on the server.
This means that if I want to apply a permission for say "teachers read only" on just the student folders therein, I have to apply it to each individual folder which is a right royal PITA
Unless someone knows different
So, what I was thinking of doing, is have a root home folder for each year group and then one for staff and others for misc users.
So, my Year 11's would have their own folder, the same for Year 10 and so on. Staff would have theirs and then I could simply add others as I went along as needed.
This means I could apply permissions at root so that, for example, teachers could have read only access to the 'year' folders, but not see other staff folders. For example.
The way it is at the moment, if I apply a permission at root like that, everyone gets it (which is where I screwed my permissions recently.... ) or I have to apply it individually to the relevant folders.
Finally to the questions then
If I make a new share, and tell it to be used as a Home folder, will it have any adverse effect on the CURRENT home folder?
Can I create several folders this way, and then when I create a new user, I simply ensure the relevant folder is selected in WGM?
I have also noted, that the students can see the Xserve in their Finder sidebar, and whilst they don't seem to be able to get to other users folders, I would prefer for them to not see it. It has an 'eject' icon next to it, so it is being mounted from somewhere.
How can I prevent this from happening for new users and/or remove it for existing ones?
Still learning, but a lot more confident with my Macs now
IDG Tech News
1st February 2010, 07:47 PM #2
"What I was thinking of doing is have a root home folder for each year group and then one for staff and others . . ."
IMHO in a purely OD environment this would be the sensible approach.
"My Year 11's would have their own folder, the same for Year 10 and so on . . ."
This is one approach I generally use.
"This means I could apply permissions at root so that, for example, teachers could have read only access to the 'year' folders, but not see other staff folders"
Exactly. It's also simpler and easier to administer. If you want to deny a 'view' simply set the POSIX permissions for Everyone to NONE.
"If I make a new share and tell it to be used as a Home folder will it have any adverse effect on the CURRENT home folder?"
Depending on how you've structured things and what you want to achieve. No.
"Can I create several folders this way and then when I create a new user, I simply ensure the relevant folder is selected in WGM?"
Yes. Assuming a correctly configured OD Master all directories set to share and defined as automounting for Users' Home Directories in the LDAP node will present themselves in the Home Tab in WorkGroup Manager. It's up to you but I like to assign UIDS specific to a set of users and use the filter feature within WorkGroup Manager. For example Year 10 Users could all have UIDs starting with 10xx and so on; Year 11 would start 11xx and etc. You can simply select to show only UIDs that begin from a certain number. Okay you have to be slightly creative with this but I'm sure you get the picture? From there you should be able to click on the Home Tab, select the relevant path and click Create Home Now followed by Save. If everything is configured correctly all of the selected Users will have their home folders created at the desired path with the correct permissions consecutively. You can add overriding ACLs for whomever you like afterwards.
A brief note regarding UIDs and their use on OSX:
Any UID less than 501 becomes invisible. You want to avoid this for standard Users, Groups and Computer Groups unless you have a specific reason for hiding the user?
"I have also noted, that the students can see the Xserve in their Finder sidebar, and whilst they don't seem to be able to get to other users folders, I would prefer for them to not see it. It has an 'eject' icon next to it, so it is being mounted from somewhere"
This has been asked and answered elsewhere on this and other Forums:
Finder browsing the SYSVOL and NETLOGON folder
You have to be a little careful with this 'desire' to make macs 'behave' as if they're PCs. On the platform this is how it's supposed to work. I don't know of any purely Mac environment that has a problem with it. Macs are 'designed' to announce themselves via as many network protocols the OS can support. You may also make it extremely difficult for users to 'navigate' to their own home folders when they want to save a document from within an application's interface.
Hope this helps?
Antonio Rocco (ACSA)
Last edited by AntonioRocco; 1st February 2010 at 07:49 PM.
Thanks to AntonioRocco from:
2nd February 2010, 10:51 AM #3
So would you suggest not turning this off? Permissions on the home folders POSIX are set to 'none' for 'others', so although they can see the folders within the share, they can't actually get into them, I do need to test this for sure though. If it actually isn't a problem, I don't want to waste time and effort removing it if all I am going to achieve is users simply not seeing something they can't access anyway.
Originally Posted by AntonioRocco
Incidentally, our Mac network isn't bound to AD in any way, it is completely separate to our Windows domains.
2nd February 2010, 02:42 PM #4
Save yourself some time and effort and leave things as they are. If as you say this is a 'pure' OD environment then it's not a problem as far as I can see.
Glad I could help.
Antonio Rocco (ACSA)
Last Post: 26th January 2009, 11:22 AM
By dagza in forum EduGeek Joomla 1.5 Package
Last Post: 19th November 2008, 07:16 PM
By mattx in forum Windows
Last Post: 19th October 2008, 01:00 PM
By originofsymmetry in forum Scripts
Last Post: 2nd May 2008, 05:13 PM
By projector1 in forum Windows
Last Post: 1st February 2007, 09:42 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)