[Freeipa-users] oddjob_mkhomedir troubles

Ronald Wimmer ronaldw at ronzo.at
Thu Apr 20 11:33:13 UTC 2017


On 2017-04-19 13:06, Ronald Wimmer wrote:
> [...]
>
> as the default directory (by setting override_homedir in sssd.conf) 
> oddjob_mkhomedir creates the user directory but I still get a 
> permission denied when logging in for the first time. (cd /home/user 
> works)
>
The only thing I see in the logs is:

Apr 20 13:10:02 testclient systemd: Starting Session 1260 of user myuser at mydomain.at.
Apr 20 13:10:02 testclient oddjob-mkhomedir[15879]: error setting permissions on /home/mydomain.at/myuser: Operation not permitted
Apr 20 13:10:02 testclient dbus[770]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Apr 20 13:10:02 testclient dbus-daemon: dbus[770]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Apr 20 13:10:02 testclient dbus[770]: [system] Successfully activated service 'org.freedesktop.problems'
Apr 20 13:10:02 testclient dbus-daemon: dbus[770]: [system] Successfully activated service 'org.freedesktop.problems'

This is where PAM put the module:
/etc/pam.d/fingerprint-auth:session     optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/fingerprint-auth-ac:session     optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/password-auth:session     optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/password-auth-ac:session     optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/smartcard-auth:session     optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/smartcard-auth-ac:session     optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/system-auth:session     optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/system-auth-ac:session     optional pam_oddjob_mkhomedir.so umask=0077

Maybe it is not placed in the right line in /etc/pam.d/system-auth:
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     optional      pam_oddjob_mkhomedir.so umask=0077
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_sss.so

Is there a PAM expert around who can tell?

Regards,
Ronald



