
Re: pam_mkhomedir



On Mon, Oct 06, 2003 at 05:49:37PM +0200, martin f krafft wrote:
> When I configure pam_mkhomedir in /etc/pam.d/ssh like so:
> 
>   session required pam_mkhomedir umask=0066 skel=/etc/skel
> 
> then it fails to do its job. The log reports "unable to create
> directory" and "Permission denied". I think this is because SSH uses
> privilege separation, so the PAM stack is called after dropping
> root. This is backed up by the fact that setting the permissions on
> /home to 0777 allows a normal user to log in and have his/her
> homedir be automatically created.

sshd currently runs PAM session modules as the authenticated user, not
as root. (I think 3.7 changes this.)

While this appeared at the same time as privilege separation, it's not
an intrinsic consequence of it.

> Is this a known problem?

Yes, very much so.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]


