Description of problem: pam_oddjob_mkhomedir does not honor umask settings when creating home directories Version-Release number of selected component (if applicable): oddjob-mkhomedir-0.29.1-1.fc9.i386 How reproducible: Always. Steps to Reproduce: 1. Modified /etc/pam.d/system-auth with: session required pam_oddjob_mkhomedir.so skel=/etc/skel umask=0077 silent 2. Login via winbind authentication with no /home/ADDOMAIN/username directory already created 3. created home directory, i.e. /home/ADDOMAIN/username is created with permissions that ignore umask= parameter to pam_oddjob_mkhomedir Actual results: drwxr-xr-x 4 qustudent domain users 4096 2008-11-07 12:36 qustudent Expected results: drwx------ 4 qustudent domain users 4096 2008-11-07 12:36 qustudent Additional info: Replacing pam_oddjob_mkhomedir.so with pam_mkhomedir.so creates the home directory correctly: drwx------ 4 qustudent domain users 4096 2008-11-07 12:42 qustudent
That's not a setting that the module (which might be running unprivileged) should be allowed to set -- it's set in the service configuration as an argument that gets passed directly to the helper. In the default /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf, we pass "-u 0002" to the helper. You probably want to change that to "-u 077". I'm marking this as not-a-bug because there's no package change to be made here. Please reopen the bug if I've missed something. Thanks!
Thanks for the quick response, thought it was a drop in replacement for pam_mkhomedir.so -- thanks for the clarification, have changed the oddjobd.mkhomedir.conf as you mentioned and works fine. Thanks again!