[Samba] pam_mkhomedir.so not working.
Sadique Puthen
sputhenp at redhat.com
Tue Feb 26 18:25:26 GMT 2008
Linux Addict wrote:
> On Tue, Feb 26, 2008 at 9:31 AM, Bjoern Tore Sund <bjorn.sund at it.uib.no> wrote:
>
>> Linux Addict wrote:
>> > Sambains, I gotta samba setup where I use pam_mkhomedir.so to create
>> > home dir for first time users. Same configuration is working on many
>> > hosts and if I create a home directory manually, I can login, but not
>> > on fly. And also when I change the /home permission to 777, its
>> > creating home directory for new users on fly.
>> >
>> > When strace a su session, I getting the following error. My guess is
>> > the module is working, but something is preventing. I have selinux
>> > disabled and root has W permission to /home.
>> >
>> >
>> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
>> > 0) = 0x2a98c46000
>> > write(1, "Creating directory \'/home/DOM/"..., 44Creating directory
>> > '/home/DOM/user1'.
>> > ) = 44
>> > mkdir("/home/DOM/user1", 0700) = -1 EACCES (Permission denied)
>> > time([1203973003]) = 1203973003
>> >
>> >
>> > I played enough with the umask, but cudn't figure out much.
>> >
>> > This is my pam line on system-auth
>> >
>> > session required /lib64/security/pam_mkhomedir.so skel=/etc/skel umask=0022
>>
>> On Fedora Core 5, Fedora Core 6 and RHEL4 I saw the same because
>> pam_mkhomedir didn't do 'mkdir -p' only 'mkdir' - it assumed the
>> existence of the entire tree and wanted to only create the user's
>> personal directory.
>>
>> This problem was gone in later versions of these distributions. Exactly
>> which versions of pam and pam_mkhomedir these distributions map to I
>> don't know, but you may want to check whether this is what you're seeing.
>>
>> Bjørn
>> --
>> Bjørn Tore Sund Phone: 555-84894 Email: bjorn.sund at it.uib.no
>> IT department VIP: 81724 Support: http://bs.uib.no
>> Univ. of Bergen
>>
>> When in fear and when in doubt, run in circles, scream and shout.
>>
>>
>
> This happening on only few of RHEL4 x86_64 bit hosts. Yes the parent
> indeed exists..
>
> On, mkdir("/home/DOM/user1", 0700) does 0700 the permission? If yes
> why should it use it when the umask is 0022
>
I don't know why pam_kmhomedir.so does not work. If an unprivileged user
is doing su to another user, pam_mkhomedir.so shouldn't have the
required permissions to create directory. BTW, i prefer
pam_oddjob_mkhomedir.so to pam_mkhomedir.so. See
http://kbase.redhat.com/faq/FAQ_103_9091.shtm
--Sadique
More information about the samba
mailing list