In Trusted Extensions, users need access to their home directories at every label at which the users work. To make every home directory available to the user requires that you create a multilevel home directory server, run the automounter on the server, and export the home directories. On the client side, you can run scripts to find the home directory for every zone for each user, or you can have the user log in to the home directory server.

Create the Home Directory Server in Trusted Extensions

Before You Begin

You are in the root role in the global zone.

Add Trusted Extensions software to the home directory server and configure it.
- Because users require a home directory at every label that they they can log in to, create every zone that a user can log in to. For example, if you use the default label_encodings file, you would create a zone for the PUBLIC label.
For every labeled zone, follow the automount procedure in How to NFS Mount Files in a Labeled Zone. Then, return to this procedure.
Verify that the home directories have been created.
1. Log out of the home directory server.
2. As a regular user, log in to the home directory server.
3. In the login zone, open a terminal.
4. In the terminal window, verify that the user's home directory exists.
5. Create workspaces for every zone that the user can work in.
6. In each zone, open a terminal window to verify that the user's home directory exists.
Log out of the home directory server.

Enable Users to Access Their Home Directories in Trusted Extensions

Users can initially log in to the home directory server to create a home directory that can be shared with other systems. To create a home directory at every label, each user must log in to the home directory server at every label.

Alternatively, you, as administrator, can create a script to create a mount point for home directories on each user's home system before the user first logs in. The script creates mount points at every label at which the user is permitted to work.

Before You Begin

The home directory server for your Trusted Extensions domain is configured.

Choose whether to allow direct login to the server, or whether to run a script.
- Enable users to log in directly to the home directory server.
  1. Instruct each user to log in to the home directory server.
    After successful login, the user must log out.
  2. Instruct each user to log in again, and this time, to choose a different login label.
    The user uses the label builder to choose a different login label. After successful login, the user must log out.
  3. Instruct each user to repeat the login process for every label that the user is permitted to use.
  4. Instruct the users to log in from their regular workstation.
    Their home directory for their default label is available. When a user changes the label of a session or adds a workspace at a different label, the user's home directory for that label is mounted.
- Write a script that creates a home directory mount point for every user, and run the script.
```
#!/bin/sh
#
for zoneroot in `/usr/sbin/zoneadm list -p | cut -d ":" -f4` ; do
    if [ $zoneroot != / ]; then
        prefix=$zoneroot/root/export
    
        for j in `getent passwd|tr ' ' _` ; do
            uid=`echo $j|cut -d ":" -f3`
            if [ $uid -ge 100 ]; then
                gid=`echo $j|cut -d ":" -f4`
                homedir=`echo $j|cut -d ":" -f6`
                mkdir -m 711 -p $prefix$homedir
                chown $uid:$gid $prefix$homedir
            fi
        done
    fi
done
```
  1. From the global zone, run this script on the NFS server.
  2. Then, run this script on every multilevel desktop that the user is going to log in to.

Skip Navigation Links
Exit Print View
	Oracle Solaris Trusted Extensions Configuration and Administration Oracle Solaris 11 Express 11/10