
I'm here to ask something that is taking me a lot of time and now I don't know how to continue, and this is a really big (and awesome) community.

Well, the problem is that I'm trying to do a distributed Linux system for schools and universities. It takes the SquashFS from an Apache server, the initrd and kernel are loaded via TFTP, and when it starts, it loads the whole system into RAM. The idea is to make it as secure as possible, and when the computer turns off, all the data of the system is cleaned, but the problem is with the home folder...

The home folder is on an NFS server, and I'm trying to make a different folder for each user, using the MAC address of the computer to create a folder on the NFS server and connect to it, but I don't know how to pass the MAC address at boot time to create the folder the first time, and if the home folder of this MAC exists, connect to it, using fstab like now with a user-proof folder.

Thanks in advance!

Brokes
  • `I'm trying to make different folder for each user, using the MAC address of the computer to create a folder in the NFS server and connect to it` - What if more than one user logs onto the same computer? What if one user logs on to multiple computers? If you're trying to create folders for users why are you using the MAC address of the computer? Why don't you use the username of the user to create the home folder? – joeqwerty Jan 12 '17 at 12:17
  • I'm getting a bit messy, because it's a better idea to make a big /homes directory on the NFS and when a user logs in, the server gives him his home directory... Well, no idea how to do that, but I'll try to do it... Thanks for your help and any recommendation is welcome – Brokes Jan 12 '17 at 12:37

1 Answer


I've done a very similar thing for a MythTV system. Each diskless frontend machine netboots using DHCP PXE and TFTP. The system is running Ubuntu 16.04 LTS. (IP 1.1.1.1 is the client machine and 2.2.2.2 is the server.)

In /etc/dhcp/dhcpd.conf the IP and hostname are assigned based on MAC:

group {
    use-host-decl-names on;  #forces hostname to host
    host bedroom {
        hardware ethernet 00:00:00:00:00:00;
        fixed-address 1.1.1.1;
    }
}

TFTP calls a mount script upon boot init, which mounts an NFS home based on the hostname. I used hostname for readability when browsing the folder structure; you could parse the MAC and use it for the folder name. TFTP pxelinux.cfg default file:

DEFAULT linux
LABEL linux
  KERNEL vmlinuz-4.4.0-53-generic
  APPEND root=/dev/nfs initrd=initrd.img-4.4.0-53-generic nfsroot=2.2.2.2:/pxeroot init=/boot/mountscript.sh ip=dhcp rw

mountscript.sh:

#!/bin/bash
# Mount this machine's own home share (named after its hostname) before handing over to init
HOSTNAME=$(hostname)
MOUNT_OPTS="rw,intr,async,bg,tcp"
# -o passes the mount options; the variable must be expanded, not quoted literally
mount -t nfs "2.2.2.2:/path/to/homes/home-${HOSTNAME}" /home -o "${MOUNT_OPTS}"

exec /sbin/init </dev/console >/dev/console 2>&1

Also, /etc/exports has NFS export settings which map the required home folder to the unique static IP address:

/path/to/homes/home-bedroom 1.1.1.1(rw,async,insecure)

A new home folder and an NFS export entry must be added manually for each new machine.

Please note: this example applies to single-use, single-user machines that store some unique configuration info (IR commands for the TV it's attached to, mostly) in the home folder. It achieves your stated goal of a home folder per MAC, but I suspect that home folder per user is what you're actually looking for as joeqwerty mentions. This solution would not allow a user to log into any machine, and would require home folders to be created per-user, per-machine. That also means that without a messy web of symlinks, there'd be no easy way to access the same files on different computers.

user394646
  • Thx Calmor! I'm working on it and adding some LDAP stuff for having user/group control. – Brokes Jan 13 '17 at 23:52
  • I'd definitely say LDAP and home folders accessible by user is a better option, but you might want to research the best practices for security. One option is to just mount the whole home folder and rely on permissions to access your user, but that could give other users the first key toward access if they can get the list of user names. After boot there's also the option to run a mount script on login – user394646 Jan 14 '17 at 00:12
  • I'm now using the OpenLDAP + NFS + PHP LDAP admin configuration, and it works so well, but now I'm still thinking about the network security, maybe a VPN between the client and the server... I need to think about it... – Brokes Jan 14 '17 at 00:53
  • VPN won't give you anything for local clients. VPN just gives you a tunnel from the remote network to the local network. – user394646 Jan 14 '17 at 01:02
  • Yep, I was talking about increasing security on the network ;) – Brokes Jan 14 '17 at 01:09
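As an added example, not code from the answer above or from the asker's project: the answer notes that the dhcpd host stanza and the /etc/exports line have to be added by hand for every new machine, which is exactly where a mistyped MAC or IP ends up silently exporting a home folder to the wrong client. The POSIX shell helper below generates both entries in the answer's format after validating the MAC (any of aa:bb:..., AA-BB-... or aabb... is accepted), the fixed IP and the folder name, and it also derives a path-safe folder name from the MAC for the asker's per-MAC scheme, which goes slightly beyond the answer's hostname-based naming. It assumes the answer's layout (homes under /path/to/homes/home-<name>, NFS server 2.2.2.2) and omits the `insecure` export option, which is only needed when a client mounts from a non-privileged port; root_squash stays in force as the default. All MACs and IPs in the usage line are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original answer). Generates the dhcpd host stanza
# and the /etc/exports line for one netboot client after validating its
# MAC address, fixed IP and name. Assumed layout, taken from the answer:
#   homes under /path/to/homes/home-<name>, NFS server 2.2.2.2.
# Sample MACs/IPs passed to this script are constructed values.

HOMES_ROOT="/path/to/homes"

# Canonicalise a MAC to lower-case colon form. Fails (return 1) unless exactly
# six hex octets remain, so a typo never reaches dhcpd.conf.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f' | sed 's/[:-]//g')
    case "$mac" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#mac}" -eq 12 ] || return 1
    printf '%s\n' "$mac" | sed 's/../&:/g; s/:$//'
}

# Per-MAC folder name (the asker's scheme): hex digits only, so it is safe
# inside a filesystem path and an export line.
mac_dirname() {
    mac=$(normalize_mac "$1") || return 1
    printf '%s\n' "$mac" | tr -d ':'
}

# Folder/host name: lower-case letters, digits and hyphens only.
validate_name() {
    case "$1" in
        ''|*[!a-z0-9-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Dotted-quad check: four numeric octets, each 0-255, no empty fields.
validate_ipv4() {
    case "$1" in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# dhcpd.conf host block in the answer's format, for use inside group { }.
dhcpd_host_entry() {   # args: name mac ip
    validate_name "$1" || return 1
    mac=$(normalize_mac "$2") || return 1
    validate_ipv4 "$3" || return 1
    printf '    host %s {\n        hardware ethernet %s;\n        fixed-address %s;\n    }\n' \
        "$1" "$mac" "$3"
}

# /etc/exports line: only this client's folder, only to its fixed IP.
# 'insecure' is omitted and root_squash (the default) stays in force.
nfs_export_line() {   # args: name ip
    validate_name "$1" || return 1
    validate_ipv4 "$2" || return 1
    printf '%s/home-%s %s(rw,async)\n' "$HOMES_ROOT" "$1" "$2"
}

# Print everything needed for one new machine; returns non-zero on bad input
# before emitting anything that could be pasted into a config file.
add_machine() {   # args: name mac ip
    dhcpd_host_entry "$1" "$2" "$3" >/dev/null 2>&1 || {
        echo "add_machine: invalid name, MAC or IP" >&2
        return 1
    }
    echo "# dhcpd.conf (inside group { ... }):"
    dhcpd_host_entry "$1" "$2" "$3"
    echo "# /etc/exports:"
    nfs_export_line "$1" "$3"
    echo "# on the NFS server, create the folder readable only by its owner:"
    echo "mkdir -p \"$HOMES_ROOT/home-$1\" && chmod 700 \"$HOMES_ROOT/home-$1\""
}

# Usage: ./add_machine.sh bedroom 00-11-22-33-44-AA 1.1.1.1
if [ "$#" -eq 3 ]; then
    add_machine "$1" "$2" "$3"
fi
```

The script only prints the entries; appending them to /etc/dhcp/dhcpd.conf and /etc/exports (followed by `exportfs -ra` and a dhcpd reload) is left as a deliberate manual step so the generated lines can be reviewed first.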