I have configured an IPA domain for my systems and also enabled automatic home directory creation when a user logs in, using the --enablemkhomedir option. The problem I have is that whenever a user logs in, a home directory is created for them with 755 permissions, but I want the permissions to be 700. How do I fix this? I'll appreciate any advice.
I'm having the same issue... looking into a fix. Also, this probably belongs on ServerFault. – ewwhite Apr 19 '14 at 08:41
1 Answer
2
Assuming a RHEL or CentOS-like system, this is a bug, detailed in: Red Hat 995097.
The fix that I have in place is to use the oddjobd process to create directories, rather than the legacy pam_mkhomedir.
So if you don't already have it, yum install oddjob-mkhomedir.
From there, you can edit the mask in /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf.
Modify the two entries:
    <method name="mkmyhomedir">
      <helper exec="/usr/libexec/oddjob/mkhomedir -u 0002"
              arguments="0"
              prepend_user_name="yes"/>
      <!-- no acl entries -> not allowed for anyone -->
    </method>
    <method name="mkhomedirfor">
      <helper exec="/usr/libexec/oddjob/mkhomedir -u 0002"
to:
    <method name="mkmyhomedir">
      <helper exec="/usr/libexec/oddjob/mkhomedir -u 0077"
              arguments="0"
              prepend_user_name="yes"/>
      <!-- no acl entries -> not allowed for anyone -->
    </method>
    <method name="mkhomedirfor">
      <helper exec="/usr/libexec/oddjob/mkhomedir -u 0077"
Restart oddjobd and make sure it's chkconfig'd on.
You may also need to restart sssd.
Also see: http://tech.lanesnotes.com/2010/11/ad-authentication-with-rhel-6.html
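
A umask change only affects home directories created afterwards, so directories already created at 755 keep that mode. The script below is an added example, not part of the answer above: it checks that every `-u` value in the oddjobd configuration masks all group and other bits, and lists or tightens existing top-level home directories. It assumes homes live directly under /home and that GNU find is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the oddjobd mkhomedir umask and existing home directories.
# CONF is the path named in the answer; HOME_BASE=/home is an assumption.
CONF=${CONF:-/etc/oddjobd.conf.d/oddjobd-mkhomedir.conf}
HOME_BASE=${HOME_BASE:-/home}

# Print every umask passed to the mkhomedir helper via -u, one per line.
helper_umasks() {
    sed -n 's/.*mkhomedir[[:space:]]\{1,\}-u[[:space:]]\{1,\}\([0-7]\{3,4\}\).*/\1/p' "$1"
}

# Succeed only if at least one helper umask is configured and every one of
# them clears all group and other bits (umask & 077 == 077).
conf_is_private() {
    masks=$(helper_umasks "$1")
    [ -n "$masks" ] || return 1
    for m in $masks; do
        [ $(( 0$m & 077 )) -eq $(( 077 )) ] || return 1
    done
}

# List directories directly under $1 that grant any group or other permission.
# Uses GNU find (-perm /077, -mindepth, -maxdepth), as shipped on RHEL and CentOS.
loose_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /077 | sort
}

# Tighten every directory reported by loose_homes to 0700 (top level only;
# files inside the home directory are left untouched).
fix_homes() {
    loose_homes "$1" | while IFS= read -r d; do
        chmod 0700 "$d" && echo "fixed: $d"
    done
}

# Usage: sh <this-script> audit | fix   (does nothing without an argument)
case "${1:-}" in
    audit) conf_is_private "$CONF" || echo "WARN: $CONF umask leaves group/other access"
           loose_homes "$HOME_BASE" ;;
    fix)   fix_homes "$HOME_BASE" ;;
esac
```

Run `audit` first and review the list before running `fix`, since shared directories placed under /home on purpose would also be tightened.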