[Samba] pam_mkhomedir.so not working.

Sadique Puthen sputhenp at redhat.com
Tue Feb 26 18:25:26 GMT 2008 

Linux Addict wrote:
> On Tue, Feb 26, 2008 at 9:31 AM, Bjoern Tore Sund <bjorn.sund at it.uib.no> wrote:
>   
>> Linux Addict wrote:
>>  > Sambains, I gotta samba setup where I use pam_mkhomedir.so to create
>>  > home dir for first time users. Same configuration is working on many
>>  > hosts and if I create a home directory manually, I can login, but not
>>  > on fly. And also when I change the /home permission to 777, its
>>  > creating home directory for new users on fly.
>>  >
>>  > When strace a su session, I getting the following error. My guess is
>>  > the module is working, but something is preventing. I have selinux
>>  > disabled and root has W permission to /home.
>>  >
>>  >
>>  > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
>>  > 0) = 0x2a98c46000
>>  > write(1, "Creating directory \'/home/DOM/"..., 44Creating directory
>>  > '/home/DOM/user1'.
>>  > ) = 44
>>  > mkdir("/home/DOM/user1", 0700)    = -1 EACCES (Permission denied)
>>  > time([1203973003])                      = 1203973003
>>  >
>>  >
>>  > I played enough with the umask, but cudn't figure out much.
>>  >
>>  > This is my pam line on system-auth
>>  >
>>  > session required /lib64/security/pam_mkhomedir.so skel=/etc/skel umask=0022
>>
>>  On Fedora Core 5, Fedora Core 6 and RHEL4 I saw the same because
>>  pam_mkhomedir didn't do 'mkdir -p' only 'mkdir' - it assumed the
>>  existence of the entire tree and wanted to only create the user's
>>  personal directory.
>>
>>  This problem was gone in later versions of these distributions.  Exactly
>>  which versions of pam and pam_mkhomedir these distributions map to I
>>  don't know, but you may want to check whether this is what you're seeing.
>>
>>  Bjørn
>>  --
>>  Bjørn Tore Sund       Phone: 555-84894   Email:   bjorn.sund at it.uib.no
>>  IT department         VIP:   81724       Support: http://bs.uib.no
>>  Univ. of Bergen
>>
>>  When in fear and when in doubt, run in circles, scream and shout.
>>
>>     
>
> This happening on only few of RHEL4 x86_64 bit hosts. Yes the parent
> indeed exists..
>
> On, mkdir("/home/DOM/user1", 0700) does 0700 the permission? If yes
> why should it use it when the umask is 0022
>   

I don't know why pam_kmhomedir.so does not work. If an unprivileged user 
is doing su to another user, pam_mkhomedir.so shouldn't have the 
required permissions to create directory. BTW, i prefer  
pam_oddjob_mkhomedir.so to pam_mkhomedir.so. See 
http://kbase.redhat.com/faq/FAQ_103_9091.shtm

--Sadique

More information about the samba mailing list