Results 1 to 5 of 5
Well, I have a Desktop server. And a App server. As Described here: http://www.linuxforums.org/forum/cof...tml#post530281 How can I make the programs save all the settings on the Desktop server instead on ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 11-19-2007 #1
And a App server.
As Described here:
How can I make the programs save all the settings on the Desktop server instead on the app server? (eg I want Firefox to save everything on the Desktop server instead of the app server).
Remember you connect to the DesktopServer and then you fetch from that point the program
So that every Desktop user has his own settings?
Well I know Windows can do it..
I think its called Active Directory - Wikipedia, the free encyclopedia In Windows.
Not sure though.
- 11-19-2007 #2
In Linux, apps have always had to behave themselves (this is not a bolt-on extra) inasmuch as they have to write their settings to the users home directory (i.e. the only place the user has guaranteed write access), i.e. ~<username>.
The trick is to put the /home partition on the app server, and nfs-mount it to your desktop server. That way all the user's settings (not just their app settings) go onto the app server.
You don't need Active Directory or LDAP to do this, it's a simple matter. The only 'gotcha' is that you need to ensure that the app server and desktop server have the same user id's and group id's for the users. The easiest way to do this is through a service like NIS, but you could just copy the /etc/passwd, /etc/shadow and /etc/groups between the machines if you need a quick-and-dirty fix. You could also implement other UID/GID sharing schemes such as LDAP or a Radius server, but NIS is dead easy and is very suitable if you have a low-use network and no security issues (i.e. a small staff team using it).
- 11-19-2007 #3
Ok, thanks a lot
Ill look into that. The problem is that the PC doesnt have partitions since its a OpenVZ box..
But I might be able to tweak this something.
Well, ok so for the Desktop server (wich is diffrent for EACH user) I have to make a Parition (HOME) and enable nfs-mount for when USER connects to the app-server.
Ill do that then Ill hope it works and if it does (or doesnt) ill enlight you.
Its ment to be really secure. So I cant just copy the passwd.
Other users cant know there are other users on the system aswell.
But, wait I just got a problem..
When I have on the App server the Home partion there is just ONE of them there.
So, Basicly if I nfs-mount them to the /desktopserver/home/user
they still see eachothers settings? And Browsing History (and that CANT happen..)
Any other ideas?
- 11-19-2007 #4
EEk, now you're getting into the realms of hyper security.
The solution you probably want is to make each logged-on user think they're running on their own host, rather than on the same host as everyone else. You can do this by using a chroot jail (see chroot on wikipedia).
You can also use automount to mount only the home directories of the logged in users if you like. On my network I mount the whole of /home from my server on the two desktops because the config is simpler and I don't have any security issues. I use automount for the laptop, so it only mounts shared directories as needed.
- 11-19-2007 #5
So they all get a Virtual Envoirment were they arnt root.
I have been doing that as the first idea. Since Linux cant Hide Folders.
Anyhow, We user OpenVZ to 'chroot' its more secure then Chroot every user your self.
So they'll have there own home folder there.
Give the users there RANDOM names and remove all the read functions from it.
ANd then on a connect they mount to the home of the desktop server from that user.
I hope that is a good way to fix this.
Thanks a lot (You are a real help)
I just talked about this with my boss.
Well we cant think of a good solution.
So the idea that we want that every user has its own files.
Cant see that there are other users (or at least cant find there names so we can work with UID)
And, we want to encrypt every users Enigmail (OpenPGP for Thunderbird)Settings with Truecrypt.
Basicly the main goal is to make it secure for each user that nobody can read there files (Not even Root).. (AES254 will settle that)
Further we need to make sure that the systems CPU doesnt get to much problems. So running a Virtual PC for each user is out of the Question.
We really need ONE application server since so that the CPU only has a hard time once when it starts.
Already I want to Thank Roxoff a lot. He already helped.
Is there somebody else who has a good idea to fix/set this up this?
After doing lots of thinking I thought of this Scheme:
Each User gets a diffrent UID on the AppSrv and signs in that with SSH -x.
When they do that a NFS mounts for the user that makes the statement true that the Settings are diffrent for each user and that they are saved in the home folder of the usr.
In the HomeFolder Ill drop a TrueCrypt (On-the-Fly Encryption) Container that mounts in the /home/usr/.mozilla (firefox) and /home/usr/.thunderbird (Thunderbird).
If Ill do it this way even a Root cant access the data/browse history of the user without knowing the password right?
I wont get that the data is copyed in clear text since they are saved in a sub-partition of home?