Red Hat Bugzilla – Bug 470570
pam_oddjob_mkhomedir doesn't honor umask
Last modified: 2008-11-07 15:08:41 EST
Description of problem:
pam_oddjob_mkhomedir does not honor umask settings when creating home directories
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Modified /etc/pam.d/system-auth with:
session required pam_oddjob_mkhomedir.so skel=/etc/skel umask=0077 silent
2. Login via winbind authentication with no /home/ADDOMAIN/username directory already created
3. created home directory, i.e. /home/ADDOMAIN/username is created with permissions that ignore umask= parameter to pam_oddjob_mkhomedir
drwxr-xr-x 4 qustudent domain users 4096 2008-11-07 12:36 qustudent
drwx------ 4 qustudent domain users 4096 2008-11-07 12:36 qustudent
Replacing pam_oddjob_mkhomedir.so with pam_mkhomedir.so creates the home directory correctly:
drwx------ 4 qustudent domain users 4096 2008-11-07 12:42 qustudent
That's not a setting that the module (which might be running unprivileged) should be allowed to set -- it's set in the service configuration as an argument that gets passed directly to the helper.
In the default /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf, we pass "-u 0002" to the helper. You probably want to change that to "-u 077".
I'm marking this as not-a-bug because there's no package change to be made here. Please reopen the bug if I've missed something. Thanks!
Thanks for the quick response, thought it was a drop in replacement for pam_mkhomedir.so -- thanks for the clarification, have changed the oddjobd.mkhomedir.conf as you mentioned and works fine. Thanks again!