Author Topic: Sambahelper, unix and pluto users, and home dirs.  (Read 2415 times)

mkbrown69

  • Guru
  • ****
  • Posts: 213
    • View Profile
Sambahelper, unix and pluto users, and home dirs.
« on: January 03, 2010, 05:49:00 am »
Hi Folks!

First of all, Happy New Year to all!  All the best to ya for 2010!

I'm plodding along with my setup and testing LinuxMCE in KVM, and trying to understand some things so I can properly merge my existing environment with my future LinuxMCE environment.  One of the things I'm wanting to leverage is the NIS (Network Information Services) for centralized user management, as I'm wanting to have Unix user logins/homes available.  Here's how NIS and the various user types appear to be configured in LinuxMCE based on poking around my systems:

UIDs 0-999: root and Normal Linux service accounts, generally no shell/login for service accounts
UIDs 1000-9999: Unix User accounts, shell and login, merged into NIS passwd maps.
UIDs 10000+: Pluto User accounts, no shell or login, merged into NIS passwd maps.

So, generally it all makes sense, and is a normal Linux environment.  The pluto users don't get login capability, and their homes will never fill up with Unix stuff like dotfiles.  Now, here's the problem or what I don't understand.  A user gets created on the core called "sambahelper" that gets the next available UID in the Unix users range, and it gets pushed into the NIS passwd map.  That same "sambahelper" also gets created on MD's using the first available UID, which may not be the same as the one on the core, or in NIS, as it appears that the user is created using the useradd command without the -u switch.  

Here's what my install looks like right now...

CORE: /etc/passwd
mkbrown:x:1000:1000:Michael Brown,,,:/home/mkbrown:/bin/bash
sambahelper:x:1001:1001:Pluto Samba Share Helper:/tmp:/bin/false

MD: /etc/passwd
sambahelper:x:1000:1000:Pluto Samba Share Helper:/tmp:/bin/false

NIS: (ypcat passwd)
mkbrown:x:1000:1000:Michael Brown,,,:/home/mkbrown:/bin/bash
sambahelper:x:1001:1001:Pluto Samba Share Helper:/tmp:/bin/false

So, when I ssh into an MD as mkbrown, I end up with the following:
sambahelper@moon31:~$ id
uid=1000(sambahelper) gid=1000(mkbrown) groups=4(adm),20(dialout),24(cdrom),46(plugdev),112(lpadmin),119(admin),120(sambashare),1000(mkbrown)

Would it not be better to have this "sambahelper" user set to a lower UID, like 999, so it's not pushed into NIS?  This could likely cause a lot of problems with file permissions, but I'm not familiar with the role of the "sambahelper" user...  Should "sambahelper" even be in NIS?  Seems more like a service account to me... Should I file a bug report to set it to something like UID 999?

I also noticed that the mythtv user was not getting the same UID on the MD as was on the core, but was sharing the same home directory?  Problem?  Bug report?

Now, a question about home directories.  The pluto user homes (user_#) are obviously for Samba shares for Windows users, and are primarily for media storage (especially for personal media when you enter your PIN into an Orbiter/MD.  If I create Unix users and want to avoid duplication, could I add my Unix user to the pluto_user's group (or vice versa) and symlink the various media folders to the other home directory?  Would this break anything?  I know Thom doesn't want us fighting the system, so I'd like to figure out how to work with it without duplicating effort or damaging anything!

Thanks for your time!

/Mike
« Last Edit: January 03, 2010, 05:59:12 am by mkbrown69 »