[Freeipa-users] Centos 7 No permission to /home/..

Craig White CWhite at skytouchtechnology.com
Mon Feb 23 17:03:34 UTC 2015


-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Günther J. Niederwimmer
Sent: Monday, February 23, 2015 9:30 AM
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Centos 7 No permission to /home/..

Hello,

On Monday, 23 February 2015, 09:55:06, Jakub Hrozek wrote:
> On Sun, Feb 22, 2015 at 10:19:32PM +0100, Günther J. Niederwimmer wrote:
> > Hello,
> > 
> > I have installed centos 7 and an ipa-server, on another system a
> > second ipa-server.
> > 
> > But I can't create a user home directory, not on the server and not
> > on an ipa-client with autocreate?
> > 
> > Does anyone have a hint on which place I can search for this problem?
> > 
> > sssd ipa-server / client ....
> > 
> > If you would like info, please tell me what.
> 
> The first step is verifying that "getent passwd $user" actually 
> reports the home dir you'd like it to. It's especially important to 
> check with users from trusted AD domains.

This is working, it tells me "/home/xxxx"
 
> Do you intend to auto-create the home directories on the clients or 
> have them mounted from a central location? In the former case, you 
> should check configuration of oddjob-mkhomedir, in the latter, you 
> should check the automounter configuration.

I tested all (?): I have configured a ntp /mount for /home, created a /home/user directory only on the ipa-server; nothing is working, I always have permission denied?

I found a bug report for oddjob-mkhomedir, to change the permission from
0002 to 0077, but now I am at the end?

But on an ipa client I can't do chown -R xxxx:ipausers to change the permission.

The ipausers group is not found on a client?

Is this a sssd problem?

Now I uninstall all and start again?
----
On my setup, group 'ipausers' is not a POSIX group and thus isn't relevant to any of the servers.

If indeed oddjob_mkhomedir is creating users' $HOME with 755 permissions, then you might want to have a root cron script running on the NFS server itself to set the permissions on a regular basis, i.e.
0 * * * * chmod 0700 /home/* > /dev/null 2>&1 #Every hour on the hour, set /home/* to users only.

Not an SSSD problem.

Craig
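
A more selective form of the hourly permission reset suggested above, as an added example that is not part of the original message: it touches only real directories directly under the base path, skips symlinks (which chmod would follow to their target) and reports what it changed. The function names, the `--dry-run` argument and the `TIGHTENED` variable are made up for this sketch; it assumes a `stat` that supports `-c`, and it reads the 0002 and 0077 in the thread as umask values.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes stat -c (GNU coreutils or busybox).

# Directory mode that results from a umask: 0777 & ~umask.
# Assumption: the 0002 and 0077 mentioned in the thread are umask values.
mode_for_umask() {
    printf '%o\n' $(( 0777 & ~$1 ))
}

# tighten_homes BASE [MODE] [--dry-run]
# Sets every real directory directly under BASE to MODE (default 700).
# The number of directories that needed a change is left in TIGHTENED.
tighten_homes() {
    base=$1 want=${2:-700} dry=${3:-}
    TIGHTENED=0
    for d in "$base"/*; do
        [ -L "$d" ] && continue                    # chmod would follow the link
        [ -d "$d" ] || continue                    # plain files, unmatched glob
        [ "${d##*/}" = "lost+found" ] && continue  # filesystem directory, not a home
        mode=$(stat -c '%a' "$d") || continue
        [ "$mode" = "$want" ] && continue          # already correct, leave it alone
        echo "$d: $mode -> $want"
        [ "$dry" = "--dry-run" ] || chmod "$want" "$d" || continue
        TIGHTENED=$((TIGHTENED + 1))
    done
    return 0
}

# Intended use from a root-owned script on the NFS server (hypothetical call):
#   tighten_homes /home 700
```

Running it once with `--dry-run` first shows which directories would change before any mode is modified.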