[Samba] On the fly Machine accounts

Craig White craigwhite at azapple.com
Fri Aug 26 17:45:25 GMT 2005


On Fri, 2005-08-26 at 12:48 -0400, Eric Feldhusen wrote:
> John H Terpstra wrote:
> > On Friday 26 August 2005 10:07, Paul Gienger wrote:
> >>Many people on this list.
> > 
> > 
> > What is your OS platform? Does it implement controls over permitted home 
> > directories and shells that can be specified to the useradd command? 
> > 
> > More than one Linux distro will NOT permit the creation of a user account 
> > (that is what a Windows domain member trust account is on the UNIX host) with 
> > a shell other than what is defined in /etc/shells, and some will not permit a 
> > home directory that consists of /dev/null. 
> > 
> > If your Linux distro has paranoid controls like that, a workaround is 
> > necessary. Here is a possible workaround:
> > 
> > add machine script = /usr/sbin/useradd -d /var/nodirs -g computers -s /bin/false '%u'
> > 
> > Note that the %u is quoted with single quotes. 
> > 
> > Add to the /etc/shells:  /bin/false
> > 
> > Create the directory /var/nodirs with permissions set:
> > 	chown root:root /var/nodirs
> > 	chmod 550 /var/nodirs
> > 
> > In other words,  all access to /var/nodirs prevents user ability to write to 
> > the directory. It should also have no contents.
> > 
> > - John T.
> 
> Will this work with Redhat Enterprise 3 & 4? Just curious, and I'm not 
> in a position to check at the moment.
----
RHEL 3/4 support invalid shells and home directory of /dev/null so this
workaround shouldn't be necessary

Craig
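
Added example, not part of the original thread: a shell check that the state set up by the quoted workaround is in place (shell listed in /etc/shells, /var/nodirs owned by root:root, mode 550, empty). The function name `check_machine_home` and the `audit` argument are hypothetical, and `stat -c` assumes GNU coreutils on a Linux host.

```shell
#!/bin/sh
# Added example: audit the state the quoted workaround sets up.
# check_machine_home DIR SHELLS_FILE SHELL [OWNER] prints one line per finding
# and returns the number of findings (0 = matches the workaround).
check_machine_home() {
    dir=$1; shells=$2; shell=$3; owner=${4:-0:0}   # 0:0 is root:root
    findings=0

    # Some distros make useradd refuse a shell not listed in /etc/shells
    if ! grep -qxF -- "$shell" "$shells" 2>/dev/null; then
        echo "MISSING: $shell is not listed in $shells"
        findings=$((findings + 1))
    fi

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return $((findings + 1))
    fi

    # stat -c is GNU coreutils syntax (assumption: Linux host)
    actual_owner=$(stat -c '%u:%g' "$dir")
    if [ "$actual_owner" != "$owner" ]; then
        echo "OWNER: $dir is $actual_owner, expected $owner"
        findings=$((findings + 1))
    fi

    actual_mode=$(stat -c '%a' "$dir")
    if [ "$actual_mode" != "550" ]; then
        echo "MODE: $dir is $actual_mode, expected 550"
        findings=$((findings + 1))
    fi

    # The shared machine-account home directory should have no contents
    if [ -n "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo "CONTENT: $dir is not empty"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Check the real paths only when invoked with "audit" as the first argument
if [ "${1:-}" = "audit" ]; then
    check_machine_home /var/nodirs /etc/shells /bin/false
fi
```

Run it as root with the `audit` argument so the directory listing is not blocked by the 550 mode.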


