Hi,

I have been playing with pam_mkhomedir and ldap, but had problems getting it to create the user's home directory. All the information on this problem seems to suggest that this is somehow broken.

To sum up my problem, here is what was wrong: I have a user named "test" in my ldap directory, and I try to su to that user on server X, but this is the first time the user has logged in, so pam_mkhomedir needs to create the home directory. But this fails for some strange reason. If one adds some more debug code (this is really needed), we find out that our effective uid is root, so it should not be a permission problem. But after reading about setuid and discovering the fsuid/fsgid call on Linux and setting the /home to 777, it becomes apparent that this is the problem.

What happens is, at least with su:

1. su is run setuid root; this sets the effective uid to root.
2. Then the pam code is run, and the setfsuid code is called either in su or in the pam code, I don't know. But anyhow, the result is that the fsuid is set to the user we su'ed to (e.g. test).
3. pam_mkhomedir is called; the effective uid is still root, and the real uid is now the one of the user we su'ed to (e.g. test). But since we on Linux have fsuid/fsgid and this is used for filesystem access, this makes it impossible for us to create a directory under /home because it is owned by root and set to 750.

I am new to PAM and how it functions, so if someone has corrections or can elaborate, it would be more than welcome.

I have made a patch to fix this problem by setting the fsuid/fsgid to root while creating the directory and setting it back right after. It looks to be the best solution, as the original code also seems to expect to run as root, at least for the creation of the directories.

Also, who has maintainership of PAM? Most distributions seem to use Red Hat's version. Or, put in other words, where do I send my patches?

Kind regards
Troels Liebe Bentsen
--- Linux-PAM-0.75/modules/pam_mkhomedir/pam_mkhomedir.c.old 2003-07-01 10:34:56.000000000 +0200 +++ Linux-PAM-0.75/modules/pam_mkhomedir/pam_mkhomedir.c 2003-07-01 10:36:39.000000000 +0200 @@ -330,7 +330,8 @@ char *ubuf = NULL; size_t ubuflen; struct stat St; - + int uid, gid; + /* Parse the flag values */ ctrl = _pam_parse(flags, argc, argv); @@ -360,7 +361,26 @@ return PAM_SUCCESS; } - retval = create_homedir(pamh,ctrl,pwd,SkelDir,pwd->pw_dir); + /* Set euid to root as we need to create the homedir. */ +#ifdef linux + /* If we are on linux the better way is setfsuid */ + uid = setfsuid(0); + gid = setfsuid(0); +#else + uid = geteuid(); + gid = getegid(); + (void) seteuid(0); + (void) setegid(0); +#endif + retval = create_homedir(pamh,ctrl,pwd,SkelDir,pwd->pw_dir); +#ifdef linux + uid = setfsuid(uid); + uid = setfsgid(gid); +#else + (void) seteuid(uid); + (void) setegid(gid); +#endif + if (ubuf) { free(ubuf); }
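Review bot: In the first hunk (@@ -330,7 +330,8), `int uid, gid;` is the wrong type for the non-Linux branch of the second hunk, where the variables store `geteuid()`/`getegid()` results and are passed back to `seteuid()`/`setegid()`; declare them as `uid_t`/`gid_t` there. Names such as `saved_uid`/`saved_gid` would also keep them from being confused with the target user's ids in `pwd`. The patch as posted contains no hunk adding `#include <sys/fsuid.h>`, which is where `setfsuid()` and `setfsgid()` are declared.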
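Review bot: In the second hunk (@@ -360,7 +361,26), the Linux branch has `gid = setfsuid(0);` where `setfsgid(0)` is meant. As written, fsgid is never raised before `create_homedir()`, `gid` receives 0 (the fsuid set by the line above), and the restore line `uid = setfsgid(gid);` then sets fsgid to 0 instead of the caller's original value, so the process keeps a root fsgid after the module returns. Use `gid = setfsgid(0);` and restore with plain `setfsuid(uid); setfsgid(gid);` without reassigning `uid`. In the `#else` branch the `(void)` casts discard the results of `seteuid()`/`setegid()`, and the restore drops the effective uid before the effective gid, so `setegid(gid)` may fail once root is gone; restore the gid first, check both return values, and return an error if the original ids cannot be reinstated. The comment "Set euid to root" also does not match the Linux branch, which changes only the filesystem ids.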
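The state described in the message above (effective uid root, filesystem uid the target user) shows up in the fourth field of the `Uid:`/`Gid:` lines of `/proc/<pid>/status`. The C helper below is an added example, not part of the original post or of Linux-PAM; the names `parse_ids`, `fs_differs` and `read_self`, and the uid 1000 in the sample, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

struct ids { long real, effective, saved, fs; };  /* /proc status field order */

/* Parse the "Uid:" or "Gid:" line of a /proc/<pid>/status text.
 * Returns 0 on success, -1 if the tag is missing or the line is malformed. */
static int parse_ids(const char *status, const char *tag, struct ids *out)
{
    size_t taglen = strlen(tag);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, tag, taglen) == 0)
            return sscanf(p + taglen, "%ld %ld %ld %ld", &out->real,
                          &out->effective, &out->saved, &out->fs) == 4 ? 0 : -1;
        if ((p = strchr(p, '\n')) != NULL) p++;   /* start of the next line */
    }
    return -1;
}

/* Nonzero when file access is checked against an id other than the effective one. */
static int fs_differs(const struct ids *i) { return i->fs != i->effective; }

/* Constructed sample (not captured output): euid 0 with the fs ids of a
 * hypothetical user 1000, i.e. the mismatch the message describes. */
static const char SAMPLE[] =
    "Name:\tsu\n"
    "Uid:\t1000\t0\t0\t1000\n"
    "Gid:\t1000\t0\t0\t1000\n";

/* Same parse against the live process; returns -1 if /proc is unavailable. */
static int read_self(const char *tag, struct ids *out)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_ids(buf, tag, out);
}

int main(void)
{
    struct ids u;
    if (parse_ids(SAMPLE, "Uid:", &u) == 0)
        printf("sample: euid=%ld fsuid=%ld differs=%d\n", u.effective, u.fs, fs_differs(&u));
    if (read_self("Uid:", &u) == 0)
        printf("self:   euid=%ld fsuid=%ld differs=%d\n", u.effective, u.fs, fs_differs(&u));
    return 0;
}
```

Logging these four values from inside a module, rather than `geteuid()` alone, makes a permission failure under an effective uid of 0 explainable from the debug output.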