One possible way to implement this would be to change the permissions on homedirs instead of moving them. So user goes inactive, chmod 700 and chown root /home/fedora/USERNAME User reactivates, chmod 0755, chown USERNAME.

Note that this would force us to do status (and possibly CLA) filtering on the client instead of the server, which might drastically increase the amount of data that needs to be sent on each fasClient run.

Why is that?

I'd think the changing to inactive status would be the same except os.move(HOMEDIR,BACKUPDIR + USERNAME) becomes os.chmod(0700, HOMEDIR), os.chown('root', HOMEDIR).

When a user is active, they'll suddenly be in the list of users from the server. IIRC, the code will then look at whether the HOMEDIR exists and create it if it doesn't. Our addition would be if it exists, is it owned by root? if so, os.chmod(0755,HOMEDIR), os.chown(USERNAME, HOMEDIR)

Am I missing something?

Sorry, I wasn't thinking, ignore what I said :-)

I just some initial code for restoring old homedirs from fedora.bak. At first, I tried to do this using chown and chmod, as Toshio suggested, but I ran into problems when I had to decide what to chmod home directories to when restoring a home directory (I had no way of knowing if the user had chmodded their home directory to 711 or 700 for some particular reason). What began of the chmod/chown code is still in the file, but commented out.

http://git.fedorahosted.org/git/fas.git?p=fas.git;a=commitdiff;h=29acc7ff6d2490c40201239563e02fc65beb392a

Toshio and I discussed this a bit more on IRC, and we decided to store the modes in a file and restore the old mode if the file is owned by root. Here's a first attempt at adding this functionality to the fasClient I've been working on:

http://git.fedorahosted.org/git/fas.git?p=fas.git;a=commitdiff;h=9dcff6583bed5672065ba85e0c6cf879ad0e5018

This is fixed in the current fasClient.