Home directory hosted using NFS mount in corporate environment

Hi GreyM1P

Short story: This solution is working as expected. My ~/.config/1Password data directory is not available on any systems other than my personal Linux workstation. I am now comfortable that logging out of 1Password clears my data off of the device.

Environment Summary

1. Most users are issued a managed Dell Windows PC. As a developer, I requested a Linux workstation in addition to the standard Windows client. I am granted sudo access to the workstation so that I can maintain it and install what I need to do my job.
   
2. Every user has admin privileges on their client Windows PCs, but all software is strictly scanned to enforce security policy. In this case, the standard 1Password install is sufficient (and not blocked) since all account data is local to the device.
   
3. Every user has a Linux account so that they can login to a grid of Linux servers.
   
4. All of the home directories for the Linux accounts are NFS mounted. This is a convenience so that you can access your ~ data no matter the system you are logged into. This also includes personal Linux workstations like mine. The standard 1Password install is not recommended (based on this discussion) for desktop environments.
   
5. All Linux accounts have 2 weeks of snapshot protection for their home directories that resides in ~/.snapshots.
   

Solution

1. Log out of 1Password, quit the application, and remove /home/username/.config/1Password.
   
2. Create a new 1Password data directory on the local file system outside of /home (I chose /home.local/username/1Password).
   
3. Symlink: ln -s /home.local/username/1Password /home/username/.config/1Password.
   
4. Open 1Password and log in.
   
5. All of the 1Password data now lives in /home.local/username/1Password.
   

Local 1Password Data Directory


username@workstation:/home.local/username$ ls -l
total 8
drwx------ 13 username group 4096 Dec 16 16:31 1Password


NFS 1Password Data Directory


username@workstation:~/.config$ ls -l 1Password
lrwxrwxrwx 1 username group 30 Dec 16 16:20 1Password -> /home.local/username/1Password


Snapshot Structure


username@workstation:~/.snapshot$ ls
daily.2022-12-11_0010 daily.2022-12-15_0010 hourly.2022-12-17_0805 hourly.2022-12-17_1205 weekly.2022-12-11_0015
daily.2022-12-12_0010 daily.2022-12-16_0010 hourly.2022-12-17_0905 hourly.2022-12-17_1305
daily.2022-12-13_0010 daily.2022-12-17_0010 hourly.2022-12-17_1005 hourly.2022-12-17_1405
daily.2022-12-14_0010 hourly.2022-12-17_0705 hourly.2022-12-17_1105 weekly.2022-12-04_0015


Local Snapshot Data Directory


username@workstation:~/.snapshot/daily.2022-12-17_0010/.config$ ls -l 1Password
lrwxrwxrwx 1 username group 30 Dec 16 16:20 1Password -> /home.local/username/1Password


Other System Snapshot Data Directory


username@other-system:~/.snapshot/daily.2022-12-17_0010/.config$ ls -l 1Password
lrwxrwxrwx 1 username group 30 Dec 16 16:20 1Password -> broken_link