Re: Network home folders slow-down (redirecting cache?)




On 15/02/2006, at 8:43 AM, Nathan Zamprogno wrote:

At 8:30 AM +1100 15/2/06, Nigel Kersten wrote:

A good general purpose thing to do for network home directories is to put a LoginHook that redirects ~/Library/Caches (on the network home directory) to /Library/Caches/username (on the local hard drive).

Can you do that? I regularly perform maintenance on our server when it seems "clogged up". A search and delete of the Safari cache folder alone for our 700+ networked-home-folder users can purge over 400,000 unwanted files from the server. Having all cache files reside locally would be a boon.


How do we do this? Can you share the specifics?

Sure. Have you looked at LoginHooks?

Basically they are a shell script that gets passed the variable $1 as the username of the user who is logging in and executed before login finishes.

As we have a combination of local, mobile and network users, I have a LoginHook that distinguishes between them, as I want to do different things for the different users, like forcing new mobile users to have their home directory at /Volumes/Storage/Users, not /Users.

Here's a snippet of a script that would redirect caches for only network users. I've kind of pieced this together from our SOE LoginHook, pulling out bits that aren't relevant, so I ****haven't actually tested this at all****. There may be some bugs...

Oh, and I'm using the dscl "/Search" node here, but we actually hard- wire the LDAPv3 node. It should be safe to use the search node, as that section of the script shouldn't be running for any local or mobile users, but I prefer to hardwire it myself as "/LDAPv3/ your.od.domain".

----------start

#!/bin/sh
#

lookup_local=$(niutil -read . /users/$1 2> /dev/null)

if [ "$lookup_local" != "" ]; then
# this will grab local and mobile users, as they're both strictly 'local' users.
auth_prop=$(niutil -readprop . /users/$1 authentication_authority 2> /dev/null | grep LocalCachedUser)
if [ "$auth_prop" != "" ]; then
# Do your stuff for mobile users here.
logger "LoginHook: Starting for Mobile Account - $1"
else
# Do your stuff for local users here.
logger "LoginHook: Starting for Local Account - $1"
fi
else
# Do your stuff for network users here.
logger "LoginHook: Starting for Network Account - $1"
home_loc=$(dscl /Search -read /Users/$1 homeDirectory | sed 's| homeDirectory: ||g')
/bin/mkdir -p /Library/Caches/$1
/usr/sbin/chown $1 /Library/Caches/$1
/usr/bin/sudo -u $1 /bin/chmod 700 /Library/Caches/$1
/usr/bin/sudo -u $1 /bin/rm -Rf $home_loc/Library/Caches
/usr/bin/sudo -u $1 /bin/ln -s /Library/Caches/$1 $home_loc/ Library/Caches
fi


logger "LoginHook: Finished for - $1"

----------end

If you save this as /Library/LoginHooks/loginhook.sh and make it executable (and protect it appropriately!) you can then issue a command like:

sudo defaults write com.apple.loginwindow LoginHook /Library/ LoginHooks/loginhook.sh

and it will run this script as each user logs in. The 'logger' lines will print to syslog.

We also do some similar stuff with the Temporary Items folder that Office uses, and due to a problem we were having at one point we also trash the mcx cache, although I don't think we actually need to do that anymore.

Oh, and if you're binding to the directory, you can actually save these in the directory using Workgroup Manager. Mike's sent me some defaults commands that will supposedly let you enable MCX login scripts for machines that aren't actually binding to the directory, but I haven't tested them yet.


-- Nigel Kersten [Senior Technical Officer] College of Fine Arts, University of NSW, Australia. CRICOS Provider Code: 00098G


Copyright © 2006 Apple Computer, Inc. All rights reserved.