  1. #1
    theeldergeek
    Guest

    Adding new Home share

    At present, all my users home folders are contained within the same "MacHomes" folder on the server.

    This means that if I want to apply a permission for say "teachers read only" on just the student folders therein, I have to apply it to each individual folder which is a right royal PITA

    Unless someone knows different

    So, what I was thinking of doing, is have a root home folder for each year group and then one for staff and others for misc users.

    So, my Year 11's would have their own folder, the same for Year 10 and so on. Staff would have theirs and then I could simply add others as I went along as needed.

    This means I could apply permissions at root so that, for example, teachers could have read only access to the 'year' folders, but not see other staff folders. For example.

    The way it is at the moment, if I apply a permission at root like that, everyone gets it (which is where I screwed my permissions recently...) or I have to apply it individually to the relevant folders.

    Finally to the questions then

    If I make a new share, and tell it to be used as a Home folder, will it have any adverse effect on the CURRENT home folder?

    Can I create several folders this way, and then when I create a new user, I simply ensure the relevant folder is selected in WGM?

    I have also noted, that the students can see the Xserve in their Finder sidebar, and whilst they don't seem to be able to get to other users folders, I would prefer for them to not see it. It has an 'eject' icon next to it, so it is being mounted from somewhere.

    How can I prevent this from happening for new users and/or remove it for existing ones?

    Still learning, but a lot more confident with my Macs now

  2. #2
    AntonioRocco
    Hi theeldergeek

    "What I was thinking of doing is have a root home folder for each year group and then one for staff and others . . ."

    IMHO in a purely OD environment this would be the sensible approach.

    "My Year 11's would have their own folder, the same for Year 10 and so on . . ."

    This is one approach I generally use.

    "This means I could apply permissions at root so that, for example, teachers could have read only access to the 'year' folders, but not see other staff folders"

    Exactly. It's also simpler and easier to administer. If you want to deny a 'view' simply set the POSIX permissions for Everyone to NONE.

    "If I make a new share and tell it to be used as a Home folder will it have any adverse effect on the CURRENT home folder?"

    Depending on how you've structured things and what you want to achieve. No.

    "Can I create several folders this way and then when I create a new user, I simply ensure the relevant folder is selected in WGM?"

    Yes. Assuming a correctly configured OD Master, all directories set to share and defined as automounting for Users' Home Directories in the LDAP node will present themselves in the Home Tab in WorkGroup Manager. It's up to you but I like to assign UIDs specific to a set of users and use the filter feature within WorkGroup Manager. For example Year 10 Users could all have UIDs starting with 10xx and so on; Year 11 would start 11xx, etc. You can simply select to show only UIDs that begin from a certain number. Okay, you have to be slightly creative with this but I'm sure you get the picture? From there you should be able to click on the Home Tab, select the relevant path and click Create Home Now followed by Save. If everything is configured correctly, all of the selected Users will have their home folders created at the desired path with the correct permissions consecutively. You can add overriding ACLs for whomever you like afterwards.

    A brief note regarding UIDs and their use on OSX:

    Any UID less than 501 becomes invisible. You want to avoid this for standard Users, Groups and Computer Groups unless you have a specific reason for hiding the user?

    "I have also noted, that the students can see the Xserve in their Finder sidebar, and whilst they don't seem to be able to get to other users folders, I would prefer for them to not see it. It has an 'eject' icon next to it, so it is being mounted from somewhere"

    This has been asked and answered elsewhere on this and other Forums:

    Finder browsing the SYSVOL and NETLOGON folder

    You have to be a little careful with this 'desire' to make Macs 'behave' as if they're PCs. On the platform this is how it's supposed to work. I don't know of any purely Mac environment that has a problem with it. Macs are 'designed' to announce themselves via as many network protocols as the OS can support. You may also make it extremely difficult for users to 'navigate' to their own home folders when they want to save a document from within an application's interface.

    Hope this helps?

    Antonio Rocco (ACSA)
    Last edited by AntonioRocco; 1st February 2010 at 06:49 PM.

  4. #3
    theeldergeek
    Guest
    Quote, originally posted by AntonioRocco:

    "I have also noted, that the students can see the Xserve in their Finder sidebar, and whilst they don't seem to be able to get to other users folders, I would prefer for them to not see it. It has an 'eject' icon next to it, so it is being mounted from somewhere"

    This has been asked and answered elsewhere on this and other Forums:

    Finder browsing the SYSVOL and NETLOGON folder

    You have to be a little careful with this 'desire' to make Macs 'behave' as if they're PCs. On the platform this is how it's supposed to work. I don't know of any purely Mac environment that has a problem with it. Macs are 'designed' to announce themselves via as many network protocols as the OS can support. You may also make it extremely difficult for users to 'navigate' to their own home folders when they want to save a document from within an application's interface.

    So would you suggest not turning this off? Permissions on the home folders POSIX are set to 'none' for 'others', so although they can see the folders within the share, they can't actually get into them. I do need to test this for sure though. If it actually isn't a problem, I don't want to waste time and effort removing it if all I am going to achieve is users simply not seeing something they can't access anyway.

    Incidentally, our Mac network isn't bound to AD in any way, it is completely separate to our Windows domains.

  5. #4
    AntonioRocco
    Hi theeldergeek

    Save yourself some time and effort and leave things as they are. If as you say this is a 'pure' OD environment then it's not a problem as far as I can see.

    Glad I could help.

    Antonio Rocco (ACSA)
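
Added example, not part of any post in this thread: a shell check for the test mentioned in post #3, listing every home folder under a set of share roots whose POSIX mode grants anything to "others". The share roots (Year10, Year11, Staff) and user folders are constructed sample data, and the check reads POSIX mode bits only, so ACL entries added on top are not examined.

```shell
#!/bin/sh
# Added example: find home folders that are open to "others".

# Print each immediate child folder of the given share roots whose POSIX
# mode has a read, write or execute bit set for "others".
open_homes() {
    for root in "$@"; do
        if [ ! -d "$root" ]; then
            echo "skipping $root: not a directory" >&2
            continue
        fi
        find "$root" -mindepth 1 -maxdepth 1 -type d \
            \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
    done | sort
}

# Return 0 when no home folder is open to "others", 1 otherwise.
audit_homes() {
    found=$(open_homes "$@")
    if [ -z "$found" ]; then
        return 0
    fi
    echo "$found" | sed 's/^/open to others: /'
    return 1
}

# Constructed sample tree: one share root per year group plus Staff.
make_sample_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/Year10/alice" "$base/Year10/bob" \
             "$base/Year11/carol" "$base/Staff/dave"
    chmod 700 "$base/Year10/alice" "$base/Year11/carol"
    chmod 755 "$base/Year10/bob"   # readable by everyone: flagged
    chmod 701 "$base/Staff/dave"   # traversable by everyone: flagged
    echo "$base"
}

sample=$(make_sample_tree)
audit_homes "$sample/Year10" "$sample/Year11" "$sample/Staff" \
    || echo "audit found folders open to others"
rm -rf "$sample"
```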
