[Samba] On the fly Machine accounts
Eric Feldhusen
efeldhusen at chartermi.net
Fri Aug 26 16:48:58 GMT 2005
John H Terpstra wrote:
> On Friday 26 August 2005 10:07, Paul Gienger wrote:
>>Many people on this list.
>
>
> What is your OS platform? Does it implement controls over permitted home
> directories and shells that can be specified to the useradd command?
>
> More than one Linux distro will NOT permit the creation of a user account
> (that is what a Windows domain member trust account is on the UNIX host) with
> a shell other than what is defined in /etc/shells, and some will not permit a
> home directory that consists of /dev/null.
>
> If your Linux distro has paranoid controls like that, a workaround is
> necessary. Here is a possible work-around:
>
> add machine script = /usr/sbin/useradd -d /var/nodirs -g computers -s /bin/false '%u'
>
> Note that the %u is quoted with single quotes.
>
> Add to the /etc/shells: /bin/false
>
> Create the directory /var/nodirs with permissions set:
> chown root:root /var/nodirs
> chmod 550 /var/nodirs
>
> In other words, all access to /var/nodirs prevents user ability to write to
> the directory. It should also have no contents.
>
> - John T.
Will this work with Red Hat Enterprise 3 & 4? Just curious, and I'm not
in a position to check at the moment.
--
Eric Feldhusen
System Administrator http://www.remc1.org
PO Box 270 (906) 482-4520 x239
809 Hecla St (906) 482-5031 fax
Hancock, MI 49930 (906) 370 6202 mobile
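
A way to audit the prerequisites of the work-around quoted above before relying on it (an added example, not part of the original thread or of Samba). The function name `check_machine_account_setup` is hypothetical, the defaults are the paths from the message, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: verify the host-side setup that the quoted
# "add machine script" work-around depends on.

# check_machine_account_setup [shells_file] [nodirs] [shell] [uid:gid]
# Prints one line per finding; returns 0 only if nothing was found.
check_machine_account_setup() {
    shells_file=${1:-/etc/shells}
    nodirs=${2:-/var/nodirs}
    shell=${3:-/bin/false}
    owner=${4:-0:0}          # root:root as numeric uid:gid
    rc=0

    # The shell passed to useradd -s must be listed on a line of its own.
    if ! grep -qxF -- "$shell" "$shells_file" 2>/dev/null; then
        echo "FAIL: $shell is not listed in $shells_file"; rc=1
    fi

    # A symlink here would redirect every machine account's home directory.
    if [ -L "$nodirs" ] || [ ! -d "$nodirs" ]; then
        echo "FAIL: $nodirs is missing or is not a real directory"
        return 1
    fi

    # stat -c is GNU coreutils (assumption; the thread concerns Linux hosts).
    mode=$(stat -c '%a' "$nodirs")
    actual=$(stat -c '%u:%g' "$nodirs")
    [ "$mode" = "550" ] || { echo "FAIL: $nodirs mode is $mode, expected 550"; rc=1; }
    [ "$actual" = "$owner" ] || { echo "FAIL: $nodirs owner is $actual, expected $owner"; rc=1; }

    # "It should also have no contents": ls -A includes dotfiles.
    if [ -n "$(ls -A "$nodirs" 2>/dev/null)" ]; then
        echo "FAIL: $nodirs is not empty"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $shell listed; $nodirs is $mode $actual and empty"
    return "$rc"
}
```

Run as root with no arguments, it checks `/etc/shells` and `/var/nodirs` exactly as the message describes them.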