Discussion:
Adding user with ZFS home directory
Starman
2010-05-31 16:21:47 UTC
Hello:

On a server with UFS filesystems, I created user accounts as follows:

1) useradd -u <uid> -g <gid> -s /bin/<shell> -d /export/home/<new user>
2) mkdir /export/home/<new user>
3) chown <new user>:group /export/home/<new user>
4) chmod 700 /export/home/<new user>

(umask is 077 in /etc/default/login).

On a new server, I want the home directories of users to be ZFS
filesystems; what is the order of the operations: useradd first, then
zfs create ? How are ownership and permissions of the
filesystem established ? A user filesystem should only be accessible
by that user.
Richard B. Gilbert
2010-05-31 18:53:43 UTC
Post by Starman
1) useradd -u <uid> -g <gid> -s /bin/<shell> -d /export/home/<new user>
2) mkdir /export/home/<new user>
3) chown <new user>:group /export/home/<new user>
4) chmod 700 /export/home/<new user>
(umask is 077 in /etc/default/login).
On a new server, I want the home directories of users to be ZFS
filesystems; what is the order of the operations: useradd first, then
zfs create ? How are ownership and permissions of the
filesystem established ? A user filesystem should only be accessible
by that user.
The terminology used here bothers me a little bit!

Users generally own files, not filesystems.
Starman
2010-06-01 09:19:34 UTC
Post by Richard B. Gilbert
Post by Starman
1) useradd -u <uid> -g <gid> -s /bin/<shell> -d /export/home/<new user>
2) mkdir /export/home/<new user>
3) chown <new user>:group /export/home/<new user>
4) chmod 700 /export/home/<new user>
(umask is 077 in /etc/default/login).
On a new server, I want the home directories of users to be ZFS
filesystems; what is the order of the operations: useradd first, then
zfs create ? How are ownership and permissions of the
filesystem established ? A user filesystem should only be accessible
by that user.
The terminology used here bothers me a little bit!
Users generally own files, not filesystems.
In the UFS case I outlined, the home directory /export/home/<user> is
owned by <user> with permissions
drwx------. I was wondering how things were in the case of ZFS "home
filesystems": When I did zfs create pool/<data set>/<user>, the
/export/home/<user> belonged to root and had permissions drwxr-xr-x.
Basically
what I found on docs.sun.com or on the web are plenty of examples on
filesystem manipulation (setting properties,
making snapshots, ...), but I could not find a simple example
illustrating a user account creation.
Richard B. Gilbert
2010-06-01 21:14:46 UTC
Post by Starman
Post by Richard B. Gilbert
Post by Starman
1) useradd -u <uid> -g <gid> -s /bin/<shell> -d /export/home/<new user>
2) mkdir /export/home/<new user>
3) chown <new user>:group /export/home/<new user>
4) chmod 700 /export/home/<new user>
(umask is 077 in /etc/default/login).
On a new server, I want the home directories of users to be ZFS
filesystems; what is the order of the operations: useradd first, then
zfs create ? How are ownership and permissions of the
filesystem established ? A user filesystem should only be accessible
by that user.
The terminology used here bothers me a little bit!
Users generally own files, not filesystems.
In the UFS case I outlined, the home directory /export/home/<user> is
owned by <user> with permissions
drwx------. I was wondering how things were in the case of ZFS "home
filesystems": When I did zfs create pool/<data set>/<user>, the
/export/home/<user> belonged to root and had permissions drwxr-xr-x.
Basically
what I found on docs.sun.com or on the web are plenty of examples on
filesystem manipulation (setting properties,
making snapshots, ...), but I could not find a simple example
illustrating a user account creation.
man adduser might be helpful. At least as far as any Unix documentation
can be considered helpful.
Hugo
2010-06-02 18:56:04 UTC
Post by Starman
In the UFS case I outlined, the home directory /export/home/<user> is
owned by <user> with permissions
drwx------. I was wondering how things were in the case of ZFS "home
filesystems": When I did zfs create pool/<data set>/<user>, the
/export/home/<user> belonged to root and had permissions drwxr-xr-x.
File permissions work in the same way as they did for UFS - you apply the
same rules using chmod/chown etc. Unless I'm missing your point?

Regards
Hugo
John D Groenveld
2010-05-31 23:02:49 UTC
Post by Starman
On a new server, I want the home directories of users to be ZFS
filesystems; what is the order of the operations: useradd first, then
zfs create ?
Yes.
Post by Starman
How are ownership and permissions of the
filesystem established ? A user filesystem should only be accessible
The same manner.

I use automount to help let my users know on which server
their home directories reside:
$ cat /etc/auto_home
server.1 localhost:/export/home

# zfs create export/home/guy
# groupadd guy
# useradd -g guy -d /home/server.1/guy guy
# chown guy /home/server.1/guy
# chmod u+rwx,g-rwx,o-rwx /home/server.1/guy

John
***@acm.org
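An added example (not part of any post in this thread), in sh: plan_home prints the command sequence from the post above for one user, and check_home verifies the outcome the original question asks for, a home directory owned by the user with mode drwx------. The function names and the dataset and path arguments are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, dataset names
# and paths are assumptions chosen for illustration.

# Print (do not run) the provisioning steps for one user. chown can only
# succeed once both the dataset and the account exist, so it comes after both.
# Usage: plan_home <user> <group> <parent_dataset> <home_root>
plan_home() {
    p_user=$1 p_group=$2 p_parent=$3 p_root=$4
    echo "zfs create $p_parent/$p_user"
    echo "useradd -g $p_group -d $p_root/$p_user $p_user"
    echo "chown $p_user:$p_group $p_root/$p_user"
    echo "chmod 700 $p_root/$p_user"
}

# Verify that a home directory is owned by the expected user and is closed
# to group and other. A freshly created dataset mountpoint is root-owned
# with drwxr-xr-x, which this check reports.
# Returns 0 if correct, 1 on wrong owner or mode, 2 if the directory is missing.
check_home() {
    c_dir=$1 c_want=$2
    [ -d "$c_dir" ] || { echo "MISSING $c_dir"; return 2; }
    c_listing=$(ls -ld "$c_dir")
    # First 10 characters only: some systems append '+' or '.' for ACLs.
    c_perms=$(echo "$c_listing" | awk '{ print substr($1, 1, 10) }')
    c_owner=$(echo "$c_listing" | awk '{ print $3 }')
    c_status=0
    if [ "$c_owner" != "$c_want" ]; then
        echo "OWNER $c_dir: $c_owner, expected $c_want"
        c_status=1
    fi
    case $c_perms in
        drwx------) ;;
        *) echo "MODE $c_dir: $c_perms, expected drwx------"; c_status=1 ;;
    esac
    [ "$c_status" -eq 0 ] && echo "OK $c_dir"
    return "$c_status"
}

# Demonstration on a constructed temporary directory (no ZFS needed).
demo_dir=$(mktemp -d)
demo_owner=$(ls -ld "$demo_dir" | awk '{ print $3 }')
plan_home guy guy export/home /export/home
chmod 755 "$demo_dir"                      # state right after "zfs create"
check_home "$demo_dir" "$demo_owner" || :  # reports the open mode
chmod 700 "$demo_dir"                      # state after the chmod step
check_home "$demo_dir" "$demo_owner" || :
rm -rf "$demo_dir"
```
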
Starman
2010-06-01 09:56:12 UTC
Post by John D Groenveld
Post by Starman
On a new server, I want the home directories of users to be ZFS
filesystems; what is the order of the operations: useradd first, then
zfs create ?
Yes.
Post by Starman
How are ownership and permissions of the
filesystem established ? A user filesystem should only be accessible
The same manner.
I use automount to help let my users know on which server
$ cat /etc/auto_home
server.1        localhost:/export/home
# zfs create export/home/guy
# groupadd guy
# useradd -g guy -d /home/server.1/guy guy
# chown guy /home/server.1/guy
# chmod u+rwx,g-rwx,o-rwx /home/server.1/guy
John
Thanks for this step by step description. As the "zfs create" step
(performed by root) makes the /export/home/guy
the property of root, would setting ZFS ACL properties be handy to
attribute ownership of files/directories to "guy"
and restrict access of the filesystem to other users, instead of
chown'ing and chmod'ing ?
Richard B. Gilbert
2010-06-05 02:09:51 UTC
Post by Starman
Post by John D Groenveld
Post by Starman
On a new server, I want the home directories of users to be ZFS
filesystems; what is the order of the operations: useradd first, then
zfs create ?
Yes.
Post by Starman
How are ownership and permissions of the
filesystem established ? A user filesystem should only be accessible
The same manner.
I use automount to help let my users know on which server
$ cat /etc/auto_home
server.1 localhost:/export/home
# zfs create export/home/guy
# groupadd guy
# useradd -g guy -d /home/server.1/guy guy
# chown guy /home/server.1/guy
# chmod u+rwx,g-rwx,o-rwx /home/server.1/guy
John
Thanks for this step by step description. As the "zfs create" step
(performed by root) makes the /export/home/guy
the property of root, would setting ZFS ACL properties be handy to
attribute ownership of files/directories to "guy"
and restrict access of the filesystem to other users, instead of
chown'ing and chmod'ing ?
The simple and straightforward way to handle this is chown and chmod!
ACL stands for Access Control List which is a way to grant or deny
rights to the file to "Smith, Robinson, and Jones" and ONLY those three
individuals. You can "mix and match" to grant or deny access to
individuals and/or groups.

ACLs are a special purpose thing, very useful when you need it. You can
ignore it if you don't need it.
Cydrome Leader
2010-06-06 06:01:52 UTC
Post by Starman
1) useradd -u <uid> -g <gid> -s /bin/<shell> -d /export/home/<new user>
2) mkdir /export/home/<new user>
3) chown <new user>:group /export/home/<new user>
4) chmod 700 /export/home/<new user>
(umask is 077 in /etc/default/login).
If you ran useradd with the -m flag it would create the home dir for
you.
Post by Starman
On a new server, I want the home directories of users to be ZFS
filesystems; what is the order of the operations: useradd first, then
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Andreas Fenner
2010-06-09 21:27:39 UTC
Post by Cydrome Leader
....
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Please explain why this is stupid?


Andreas
--
A: Because it makes the text harder to read.
Q: Why is TOFU so bad?
A: TOFU
Q: What is the biggest annoyance on Usenet?
Udo Toedter
2010-06-10 07:37:08 UTC
Post by Andreas Fenner
Post by Cydrome Leader
....
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Please explain why this is stupid?
If you have thousands of users and these maybe with several snapshots the time
for shutdown and startup of a system will dramatically increase.

Udo
--
+-----------------------------------------------------------------+
|Udo Toedter| FSU Jena|Email: |Phone +493641940532|
| | URZ |***@uni-jena.de|FAX +493641940632|
+-----------------------------------------------------------------+
Andreas Fenner
2010-06-12 10:41:30 UTC
Post by Udo Toedter
Post by Andreas Fenner
Post by Cydrome Leader
....
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Please explain why this is stupid?
If you have thousands of users and these maybe with several snapshots the time
for shutdown and startup of a system will dramatically increase.
Udo
Good point - but, how often did you reboot a solaris-server with
homedirs of thousands of users? Our SUN-Server are normally running
nearly endless *g*

Andreas
--
A: Because it makes the text harder to read.
Q: Why is TOFU so bad?
A: TOFU
Q: What is the biggest annoyance on Usenet?
Cydrome Leader
2010-06-13 05:35:39 UTC
Post by Andreas Fenner
Post by Udo Toedter
Post by Andreas Fenner
Post by Cydrome Leader
....
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Please explain why this is stupid?
If you have thousands of users and these maybe with several snapshots the time
for shutdown and startup of a system will dramatically increase.
Udo
Good point - but, how often did you reboot a solaris-server with
homedirs of thousands of users? Our SUN-Server are normally running
nearly endless *g*
Andreas
would you add hundreds or thousands of entries to vfstab?

if not, why would you want them with ZFS?

It just makes no sense.

It's as silly as making some NFS server with a separate share for each
user instead of the root directory they live in. There's just no good
reason to do so.
Michael Vilain
2010-06-13 06:43:51 UTC
Post by Cydrome Leader
Post by Andreas Fenner
Post by Udo Toedter
Post by Andreas Fenner
Post by Cydrome Leader
....
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Please explain why this is stupid?
If you have thousands of users and these maybe with several snapshots the time
for shutdown and startup of a system will dramatically increase.
Udo
Good point - but, how often did you reboot a solaris-server with
homedirs of thousands of users? Our SUN-Server are normally running
nearly endless *g*
Andreas
would you add hundreds or thousands of entries to vfstab?
if not, why would you want them with ZFS?
It just makes no sense.
It's as silly as making some NFS server with a separate share for each
user instead of the root directory they live in. There's just no good
reason to do so.
Yet, it's perfectly reasonable to make a NFS server filesystem, put user
directories on it, and access them from automounter. My only concern
with using a separate ZFS filesystem for each user that gets automounted
when the user logs in or you cd to the directory is "how well does this
scale?" Can a system deal with 10,000+ ZFS filesystems? If mail is
delivered to an mbox file in each user's in directory, how well does
that work? Having 10,000+ inbox files in /var/mail would suck
performance-wise, require making /var very big, and not scale very well.
I've had long discussions with friends who insist on keeping everything
in their inbox file rather than filing it away. They refuse to change
that behavior, figuring that if their ISP doesn't like it, they'll go
elsewhere.

How well does ZFS for automounted user directories work? Can it work
like non-locally hosted NFS filesystems? Other than keeping a quota for
user directories, I don't see any value of using a ZFS filesystem for
individual user directories. Quotas as they are now implemented, by
filesystem, are good enough.
--
DeeDee, don't press that button! DeeDee! NO! Dee...
[I filter all Goggle Groups posts, so any reply may be automatically ignored]
Cydrome Leader
2010-06-14 15:47:19 UTC
Post by Michael Vilain
Post by Cydrome Leader
Post by Andreas Fenner
Post by Udo Toedter
Post by Andreas Fenner
Post by Cydrome Leader
....
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Please explain why this is stupid?
If you have thousands of users and these maybe with several snapshots the time
for shutdown and startup of a system will dramatically increase.
Udo
Good point - but, how often did you reboot a solaris-server with
homedirs of thousands of users? Our SUN-Server are normally running
nearly endless *g*
Andreas
would you add hundreds or thousands of entries to vfstab?
if not, why would you want them with ZFS?
It just makes no sense.
It's as silly as making some NFS server with a separate share for each
user instead of the root directory they live in. There's just no good
reason to do so.
Yet, it's perfectly reasonable to make a NFS server filesystem, put user
directories on it, and access them from automounter. My only concern
I was going one step ahead, create a separate export for each user. It's
the cool ZFS way!
Post by Michael Vilain
with using a separate ZFS filesystem for each user that gets automounted
when the user logs in or you cd to the directory is "how well does this
scale?" Can a system deal with 10,000+ ZFS filesystems? If mail is
delivered to an mbox file in each user's in directory, how well does
that work? Having 10,000+ inbox files in /var/mail would suck
performance-wise, require making /var very big, and not scale very well.
I've had long discussions with friends who insist on keeping everything
in their inbox file rather than filing it away. They refuse to change
that behavior, figuring that if their ISP doesn't like it, they'll go
elsewhere.
Anybody using mbox stuff needs to leave the 1990s. mbox stuff has no
place these days unless somebody is running a 12 user system with no
internet access, or they keep their mail use under a few MB.

When setup correctly, a single and somewhat dusty imap server serving
hundreds of concurrent connections and holding millions of messages is not
too big of a deal. The trick though is use maildirs and have people not
have an inbox of tens of thousands of messages. If they store them away in
other folders, that's great and performance isn't an issue.

you just can't do this with mbox nonsense.
Post by Michael Vilain
How well does ZFS for automounted user directories work? Can it work
like non-locally hosted NFS filesystems? Other than keeping a quota for
user directories, I don't see any value of using a ZFS filesystem for
individual user directories. Quotas as they are now implemented, by
filesystem, are good enough.
not sure about this. I don't deal with environments where anybody would
use an automounter. There's probably a total of 16 people worldwide that
still have a sun workstation at their desk and aren't running a hardware
museum.
Cydrome Leader
2010-06-11 00:08:31 UTC
Post by Andreas Fenner
Post by Cydrome Leader
....
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Please explain why this is stupid?
The real challenge is to explain why it's smart.
Martin Paul
2010-06-11 06:51:30 UTC
Post by Cydrome Leader
Post by Andreas Fenner
Post by Cydrome Leader
....
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Please explain why this is stupid?
The real challenge is to explain why it's smart.
I like being able to see instantly how much disk space any user
allocates in his home directory.

mp.
--
SysAdmin | Institute of Scientific Computing, University of Vienna
PCA | Analyze, download and install patches for Solaris
| http://www.par.univie.ac.at/solaris/pca/
Cydrome Leader
2010-06-11 18:46:24 UTC
Post by Martin Paul
Post by Cydrome Leader
Post by Andreas Fenner
Post by Cydrome Leader
....
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Please explain why this is stupid?
The real challenge is to explain why it's smart.
I like being able to see instantly how much disk space any user
allocates in his home directory.
I like the du command too.
Martin Paul
2010-06-14 07:50:46 UTC
Post by Cydrome Leader
Post by Martin Paul
Post by Cydrome Leader
Post by Andreas Fenner
Post by Cydrome Leader
....
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Please explain why this is stupid?
The real challenge is to explain why it's smart.
I like being able to see instantly how much disk space any user
allocates in his home directory.
I like the du command too.
Me too, but obviously "instantly" has a different meaning for you than
for me.

mp.
--
SysAdmin | Institute of Scientific Computing, University of Vienna
PCA | Analyze, download and install patches for Solaris
| http://www.par.univie.ac.at/solaris/pca/
Greg Andrews
2010-06-14 17:56:20 UTC
Post by Martin Paul
Post by Cydrome Leader
Post by Martin Paul
Post by Cydrome Leader
Post by Andreas Fenner
Post by Cydrome Leader
....
creating a ZFS filesystem for each user is stupid, even if sun says it's
awesome. It's not.
Please explain why this is stupid?
The real challenge is to explain why it's smart.
I like being able to see instantly how much disk space any user
allocates in his home directory.
I like the du command too.
Me too, but obviously "instantly" has a different meaning for you than
for me.
For the sake of a minor convenience, you have decided to hunt mosquitoes
with a machine gun.

Instantaneous readings of a user's disk space consumption are not
high on my priority list. In fact, it's far below the simplicity
of my server configurations. It's the simplicity that makes my
servers scalable, flexible, manageable and understandable to other
admins - not using df in place of du.

-Greg
--
Do NOT reply via e-mail.
Reply in the newsgroup.