Auto-mounting of Drives during Linux Login

Novell Cool Solutions: Tip
By Peter Van den Wildenbergh

Posted: 16 Mar 2005
 

Recently we posted an article on Cool Solutions (http://www.novell.com/coolsolutions/nds/features/a_integrate_nds_k12ltsp_edir.html) that helps you mount a user's NDS home directory as a Linux /home/user directory. Author Peter Van den Wildenbergh (ltsp <@> criticalcontrol <.> com) has a new twist to add, to take it a step further ...


The original solution works fine, but it doesn't give the user access to shares on an NDS volume from his/her Linux desktop. Although those shares can be mounted manually by the user after authentication and login to the Linux desktop of choice, it would be nice to do the mounting for the user during login.

This can be done using some extra parameters in the PAM line used to authenticate and mount the home directory. In the above Cool Solutions article, the PAM line looks like this:

auth sufficient /lib/security/pam_ncp_auth.so -a -zAX3 -A -m -d -l -L -u,,r,gcds ndsserver=LTSP:CC

If we expand the -z option, we get the necessary components to mount a user's share(s). For example:

auth sufficient /lib/security/pam_ncp_auth.so -a -zANOPX034 -A -m -d -l -L -u,,r,gcds ndsserver=LTSP:CC

By adding the characters NOP and the numbers 0 and 4, we instruct the PAM module to do the following:

  • NOP: Create (overwrite if exists) a ~/.nwclient file containing the user's password in PLAIN text.
  • 0: Execute the custom file /usr/local/bin/zenscript0 at login time.
  • 4: Execute the custom file /usr/local/bin/zenscript4 when the user logs off.

Scripts 0, 1, and 2 are called at login time; scripts 3, 4, and 5 are called at logoff time. Because the ~/.nwclient file is created before zenscript0 is called, we can work our magic as follows:

In zenscript0 we:

  • Read the plain text password and other information.
  • Delete the ~/.nwclient file for security reasons.
  • Mount the share (assume it is known as the S-drive) and make a symlink from within the user's /home directory to the mounted share.

In zenscript4 we unmount the share.

Example of zenscript0

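#!/bin/bash

declare Z1NDSUID=""
declare Z1USER=""
declare Z1NDSGROUP=""
declare Z1NDSUSER=""
declare Z1NDSPASSWD=""

# Read the user's NDS details from ~/.nwinfos
Z1NDSUID=$(grep NDS_UID ~/.nwinfos | cut -d'=' -f2)
Z1USER=$(grep NDS_USER ~/.nwinfos | cut -d'=' -f2)
Z1NDSGROUP=$(grep NDS_PREFERRED_NAME_CTX ~/.nwinfos | cut -d'=' -f2)
Z1NDSUSER=".$Z1USER.$Z1NDSGROUP"

# Read the plain text password for server HHS_FS
Z1NDSPASSWD=$(grep HHS_FS ~/.nwclient | cut -d' ' -f2)
# Remove the PASSWORD!
rm -f ~/.nwclient

# Record what zenscript4 has to unmount at logoff
echo "NDS_SHARE_USER=$Z1NDSUSER" >> ~/.nwinfos
echo "NDS_LOGOFF_SHARES=$Z1USER" >> ~/.nwinfos

# Create the per-user mount point if it does not exist yet
if [ ! -d "/mnt/ncp/shares/S/$Z1USER" ] ; then
  mkdir -p "/mnt/ncp/shares/S/$Z1USER"
fi

# Mount volume ACCT: of server HHS_FS; this is one command, so the
# continuation lines need trailing backslashes
/usr/local/bin/ncpmount -U "$Z1NDSUSER" -P "$Z1NDSPASSWD" -S HHS_FS -A HHS_FS \
  -V ACCT: -m -o symlinks,exec -u "$Z1NDSUID" -c "$Z1NDSUID" \
  -f 0666 -d 0777 "/mnt/ncp/shares/S/$Z1USER"

# -n replaces an existing S-drive link instead of creating a new link
# inside the directory it points to
ln -s -f -n "/mnt/ncp/shares/S/$Z1USER/" ~/S-drive

exit 0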

Example of zenscript4

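#!/bin/bash

# Name recorded by zenscript0 at login
Z1SHARENAME=$(grep NDS_LOGOFF_SHARES ~/.nwinfos | cut -d'=' -f2)

# Unmount the user's shares. The I share is not mounted by the
# zenscript0 example above.
/usr/local/bin/ncpumount "/mnt/ncp/shares/S/$Z1SHARENAME"
/usr/local/bin/ncpumount "/mnt/ncp/shares/I/$Z1SHARENAME"

exit 0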

Notes

If a user deletes the ~/.nwinfos file during the session, zenscript4 will fail, leaving the shares mounted.

This solution runs in a school environment, where little script-kiddies do "evil things." A CRON job that runs every night can umount everything ... Another solution would be to make the ~/.nwinfos file owned by ROOT and read-only. This can be done inside zenscript0.
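
The notes above depend on ~/.nwinfos surviving the session; because the user owns the home directory, even a root-owned, read-only file there can still be deleted. The following added example (not part of the original tip) takes the list of shares to unmount from the mount table instead, which serves both the logoff script and the nightly cron job. The function names, the MOUNTS_FILE and UMOUNT_CMD overrides, and the idea that the caller knows the account name are assumptions; the mount root and ncpumount path are the ones used in the scripts above.

```shell
#!/bin/bash
# Added example (not from the original tip): take the list of shares to
# unmount from the mount table rather than from the user-editable ~/.nwinfos.
MOUNT_ROOT="/mnt/ncp/shares"                # mount root used by zenscript0
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"  # assumed override, for testing

# ncp_mounts [user]
#   no argument: every <MOUNT_ROOT>/<share>/<user> mount (nightly cron job)
#   user:        only that account's mounts (logoff script)
ncp_mounts() {
  ncp_user="${1:-}"
  # Allow plain account names only, so the argument cannot act as a glob
  # or path fragment in the pattern match below.
  case "$ncp_user" in
    .*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  ncp_pat="${ncp_user:-*}"
  # Fields per line: device, mount point, then type and options (unused).
  while read -r ncp_dev ncp_mp ncp_rest; do
    case "$ncp_mp" in
      "$MOUNT_ROOT"/*/*/*) ;;   # nested below a share directory: skip
      "$MOUNT_ROOT"/*/$ncp_pat) printf '%s\n' "$ncp_mp" ;;
    esac
  done < "$MOUNTS_FILE"
}

# ncp_unmount [user]: unmount whatever ncp_mounts reports.
# UMOUNT_CMD defaults to the ncpumount path used in zenscript4.
ncp_unmount() {
  ncp_mounts "$@" | while IFS= read -r ncp_mp; do
    "${UMOUNT_CMD:-/usr/local/bin/ncpumount}" "$ncp_mp" ||
      echo "could not unmount $ncp_mp" >&2
  done
}
```

The nightly cron job would call ncp_unmount with no argument; a logoff script would pass the account name, taken from a source the user cannot edit.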

