Using global zone /export/home in non-global zone

I have a global zone called zia and two non-global zones called theta, pheta.

Both theta and pheta zones are owned by the same customer. I am adding the /export/home filesystem to both of the zones. I can create a user fine in each zone with the /export/home directory from global.

When I cd into the theta/pheta zone directory from the global it shows numbers in place of the uid/gid. Security does not like this. Is this fixable? I do not want to create users in the global zone but I do want users in the non-global zone using /export/home from global. The uid/gid association is stopping me though. Security wants every uid/gid accounted for.

[664 byte] By [cornbreada] at [2007-11-27 2:04:48]
# 1

If you want to resolve the account in the global zone, then you must have the account present there. 'ls' is using the system accounts to show the name. No account, no name to show.

All a "user" really is is a mapping from a UID to a name, and additional password/shell/homedir information. You can make the password, shell, and home directory all invalid. The only thing left is the fact that you can map from one to the other, and that the name will appear if you list all accounts on the machine.

If it came down to it, I'd probably rather have the account with a disabled password and shell present than leave a hole. That gives visibility to the UIDs and makes it less likely that someone would accidentally assign the same UID to a different account in the global zone later.

--

Darren

Darren_Dunhama at 2007-7-12 1:49:22
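
One way to check the point made in the reply above, as an added example that is not part of the original thread: compare a zone's passwd file with the global zone's and list the UIDs the global zone cannot name, or names differently. The function name `audit_uids` and the file contents are constructed for illustration; the thread gives no paths, so where the zone's passwd file is read from on a real system is left to the reader.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a POSIX awk
# (on Solaris 10 use nawk or /usr/xpg4/bin/awk).

# audit_uids GLOBAL_PASSWD ZONE_PASSWD
# Prints one line per zone account the global zone cannot account for:
#   MISSING  uid zone_name              ls in the global zone shows a bare number
#   CONFLICT uid zone_name global_name  ls in the global zone shows another name
audit_uids() {
    awk -F: '
        /^#/ || NF < 3 { next }          # skip comments and malformed lines
        FILENAME == ARGV[1] {            # first file: global zone, UID -> name
            if (!($3 in g)) g[$3] = $1
            next
        }
        !($3 in g)  { print "MISSING", $3, $1; next }
        g[$3] != $1 { print "CONFLICT", $3, $1, g[$3] }
    ' "$1" "$2"
}

# Constructed sample data: a global zone passwd file and the passwd file of
# zone "theta". alice has a placeholder entry in the global zone, carol has
# none, and UID 1001 is already used by a different global account.
demo() {
    tmp=${TMPDIR:-/tmp}/uidaudit.$$
    mkdir "$tmp" || return 1
    cat > "$tmp/global" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
backup:x:1001:10:backup operator:/export/home/backup:/bin/sh
alice:x:1002:10:placeholder for theta:/nonexistent:/bin/false
EOF
    cat > "$tmp/theta" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
bob:x:1001:10::/export/home/bob:/bin/ksh
alice:x:1002:10::/export/home/alice:/bin/ksh
carol:x:1003:10::/export/home/carol:/bin/ksh
EOF
    audit_uids "$tmp/global" "$tmp/theta"
    rm -rf "$tmp"
}

demo
```

The same function works on group files, since the GID is also the third colon-separated field there.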