Re: Creating users "on - the - fly"

I guess I didn't want to litter the users table either - it just seems
"wrong" to be actually adding things to the host when it is really so
transient.  It feels like it should be LDAP-ish.  Just ask the server
for the keys and do a one-off authentication.  But I've seen even LDAP
creates the user directories.

I see that 2.6 kernels can have some 4B users, which should last me a
while.   But it is a bit more work and plumbing to try to keep things
in sync.

I'm a bit / very idealistic though - so I guess I'll keep rooting
around.  I'm ok writing a PAM module if that's what I needed.  But I
have a feeling there's a good bit more to it. And without someone who
"knows" - that can be a very long rabbit trail :)

Hrm....



On Fri, Feb 6, 2015 at 12:52 PM, Daniel Kahn Gillmor
<dkg@xxxxxxxxxxxxxxxxx> wrote:
> On Fri 2015-02-06 12:41:38 -0500, Cary FitzHugh wrote:
>> The trouble is that the user isn't created on the machine beforehand.
>> But I actually don't want the user created, b/c I don't want to litter
>> all these servers with little user directories.    Users may be
>> transient as well - so littering the directories of these machines
>> with tons of data just causes many other problems (running out of
>> inodes, disk-space, etc).
>
> If this is your only concern, most systems don't require that a user
> have a unique home directory at all.  You could create a /home/nobody
> which is unusable by anyone, and populate the system's user table with
> users (maybe via some sensible nameservice switch module) pointing at
> that directory as their homedir.
>
> In other words, i don't think this is an ssh problem, it can be solved
> directly in other parts of your OS.
>
>          --dkg
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



