There are different aspects to consider in tailoring the user environment to operate holistically in an open systems network.  One major architectural difference between open systems and MS Windows is that applications, for the most part are dependent on a local registry database that a packaged application plants its configuration.  Historically with traditional UNIX environments, there is only a text file that contains it's configuration information, whether a set of key/value pairs or a simple shell file assigning values to variables.  

 

More modern versions of UNIX, including Linux has implemented a packaging system in order to inventory locally installed OS and software components.  These systems only store meta data as opposed to being a repository for configuration data that provides structure for the inventory of software installed and related dependencies.  Overall, there is no "registry" per se as in a Windows environment where the local registry is required.  Execution is solely dependent on a binary being executed through the shell environment.  The binary can be stored locally or on a network share and effectively be executable.  The argument against this execution architecture is over control and security for applications running off a given host since realistically a user can store an executable in their own home directory and execute it from that personal location.  This can be controlled to a certain extent though not completely by restricting access to compilers, the filesystem and means to external storage devices.  

Consideration for architecting the overall operating environment can be categorized in these areas:

  • Application or service running on the local host and stored somewhere
  • OS or variants due to the OS layout and installation
  • Aspects directly related to work teams
  • Aspects related to the personal user computing experience.

Each of these areas need to be a part of an overall design for managing the operating environment and user experience working in the operating environment.

The most easily is managing the application environment.  The scope is fairly narrow and particular to a single application to execute on a single host.  Since there is no common standard around setting the process environment and launching an application, there is a need for the application administrator to establish a standard for managing how the environment is set and launched - i.e. provide a wrapper script around each application, executed from a common script directory.  With purchased applications, they may or may not provide context around their own wrapper.  Having a common execution point makes it easier to administrate, particularly when there is software integrated with others.  I've seen some creative techniques where a single wrapper script is used that sources its environment based on an input parameter on the wrapper script.  These generally, though logical, become complicated since there are as many variations for handling the launch of an application as there are application developers.

All OS's have a central shell profile ingrained into the OS itself depending on the shell.  I have found that it is best to leave these alone.  Any variations that is particular to the OS environment due to non-OS installation on the local host needs to be managed separately and that aspect is factored into the overall user or application execution environment.  Another kink with managing a network of varying OS variants is providing a single profile that compensates for the differences between OSs.  For example a common command might be located in /usr/bin on one OS variant but exist in /opt/sfw/bin on another.  Based on the OS variant, the execution path would need to factor in those aspects that are unique to that variant.

 Work teams may have a common set of environment elements that are particular only to their group but should be universal to all members of that team.  This is another aspect to factor into the overall profile management.

Finally, the individual user has certain preferences such as aliases they desire to define and use that apply only to themselves.  From a user provisioning standpoint, a template is used to create the user oriented profile.  The difficulty is in the administration of a network of users who all wind up with their own version of the template first provisioned into their home directory.  This complicates desktop support as profiles are corrupted or become stale with the passage of time.  I have found it wise to provide a policy surrounding maintaining a pristine copy of the templated profile in the user's home directory but provide a user exit to source a private profile where they can supplement the execution path or set aliases.  A scheduled job can be run to enforce compliance here but only after the policy is adopted and formalized with the user community.

Architecture and Implementation

The best overall architecture that I have wound up with is a layered approach with a set priority that provides for more granular the precedence based on how far down the priority stack of execution.  In essence, the lower down the chain, the greater influence that layer has on the final environment going from the macro to the micro.  Here are some diagrams to illustrate this approach.

 
Logical   Execution

 

The profile is first established by the OS defined profile whose file that is sourced is compiled into the shell binary itself.  The location of this file varies according to the OS variant and how the shell is configured for compilation.  The default user-centric profile is located in the home directory using the same hidden file name across all OS variants.  It is the user profile file that is the center for constructing and executing the precedence stack.  With each layer, the last profile pragmatically will override the prior layer as indicated in the "Logical" diagram.  Generally there is little need for the "Local Host Profile".  It is optional and only needed when on a standardized location on the local host a profile is created (e.g. /usr/local/etc/profile). 

See the next article "Homogenized Utility Sets" for more information surrounding the "Global" and "Local" network file locations and their purpose.  This will give perspective around these shared filesystems.

Tuesday 7th of April 2020 -  Copyright 2016 Allan Wolfe