RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 634356 - oddjob-mkhomedir not working
Summary: oddjob-mkhomedir not working
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: oddjob
Version: 6.0
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Nalin Dahyabhai
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-09-15 21:32 UTC by Jan-Frode Myklebust
Modified: 2011-03-10 07:51 UTC (History)
2 users (show)

Fixed In Version: oddjob-0.30-3.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-10 07:51:15 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
patch to never call dbus_connection_close() (1.05 KB, patch)
2010-09-16 19:23 UTC, Nalin Dahyabhai 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0339 0 normal SHIPPED_LIVE oddjob bug fix update 2011-03-10 07:50:58 UTC

Description Jan-Frode Myklebust 2010-09-15 21:32:55 UTC 
Description of problem:

I have installed and started messagebus and oddjobd, and configured my /etc/pam.d/sshd to include this line:

session required pam_oddjob_mkhomedir.so

But when I try to log in using a user without a home directory (/home/janfrode), I get the error:

org.freedesktop.DBus.Error.ServiceUnknown: The name com.redhat.oddjob_mkhomedir was not
provided by any .service files

Same error is seen when trying to create the home directory from the commandline:

        # dbus-send --system --dest=com.redhat.oddjob_mkhomedir --print-reply / com.redhat.oddj
ob_mkhomedir.mkhomedirfor string:"janfrode"
        Error org.freedesktop.DBus.Error.ServiceUnknown: The name com.redhat.oddjob_mkhomedir w
as not provided by any .service files

I haven´t touched the d-bus or oddjob configuration files, but looking at them I seem to see that they both contains stanzas for oddjob-mkhomedir, so I´m pretty lost for what the missing .service file is.

Version-Release number of selected component (if applicable):

oddjob-mkhomedir-0.30-1.el6.x86_64
oddjob-0.30-1.el6.x86_64
dbus-1.2.24-3.el6.x86_64

How reproducible:

100%

Steps to Reproduce:
1. yum install dbus oddjob oddjob-mkhomedir
2. service restart messagebus
3. service restart oddjob
4. Add the line "session required pam_oddjob_mkhomedir.so" to /etc/pam.d/sshd
5. Delete a users home directory (rm -rf /home/janfrode)
6. Log inn using ssh as this user.
  
Actual results:

No home directory created, and error seen when logging in:
org.freedesktop.DBus.Error.ServiceUnknown: The name com.redhat.oddjob_mkhomedir was not
provided by any .service files

Expected results:

No errors, and /home/janfrode created.

Additional info:

I´m actually not using local users, but users from an ldap database. But I don´t think that´s relevant. The home directory for this user in ldap is /home/janfrode.

Also, I´m a bit surprised that the deployment guide section 15.2.3.2.2.1 is talking about using pam_mkhomedir, since as far as I know, this will not work with selinux in enforcing mode. I did a small test of pam_mkhomedir, and as expected immediately saw an AVC denial when it tried to create my home directory:

1. 15. sep. 2010 15:38:53 mkhomedir_helpe unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 8
3 dir write system_u:object_r:home_root_t:s0 denied 15215
Comment 2 Nalin Dahyabhai 2010-09-15 22:12:29 UTC 
org.freedesktop.DBus.Error.ServiceUnknown usually indicates that there's no such service running, which is weird because you mentioned you'd (re)started both the messagebus and oddjobd.  Just to be sure, 'service oddjobd status' confirms that the daemon's running?

If you momentarily run 'setenforce 0' before logging in (you can 'setenforce 1' immediately after), does the right thing start happening?  I know we made some changes to the policy in this area after beta 2, and it's possible that this is one of the things that's sorted in the newer policy.
Comment 5 Jan-Frode Myklebust 2010-09-16 06:52:29 UTC 
Good call...

# service oddjobd status
oddjobd er død, men pid-filen eksisterer

(oddjobd is dead, but pid-file exist)

Then I restart it:

# service oddjobd restart
Avslutter oddjobd:                                         [FEILET]
Starter oddjobd:                                           [  OK  ]


and feel quite stupid when I can log in and get my home directory created..

Thanks!
Comment 6 Nalin Dahyabhai 2010-09-16 14:20:36 UTC 
Is there any diagnostic information indicating why the daemon might have died off?  It's abort()ing when it loses its connection to the bus and tries to clean up and reconnect (libdbus didn't used to do that, aagh), so the messagebus restart would have caused a crash, but if you restarted oddjobd immediately after, and it died again, that's worth looking into.
Comment 7 Jan-Frode Myklebust 2010-09-16 17:51:08 UTC 
I don't have any diagnostics no, as this server has been re-installed several times since we saw this problem, but I think you're again pointing at the correct problem. I see that doing a "service messagebus restart" is causing oddjobd to die, and then I see the same error when trying to log in.

# service oddjobd status
oddjobd (pid  21354) kjører...
# service messagebus restart
Starter meldingsbuss for systemet:                         [  OK  ]
Starter meldingsbuss for systemet:                         [  OK  ]
# service oddjobd status
oddjobd er død, men pid-filen eksisterer

# ssh janfrode.lysetele.net
Password: 
org.freedesktop.DBus.Error.ServiceUnknown: The name com.redhat.oddjob_mkhomedir was not provided by any .service files
Last login: Thu Sep 16 19:43:30 2010 from jfmfedora.lab.lysetele.net
Could not chdir to home directory /home/janfrode: No such file or directory

This does not happen on RHEL5.5, so I think it qualifies as a regression in RHEL6.
Comment 8 Nalin Dahyabhai 2010-09-16 19:10:20 UTC 
(In reply to comment #7)
> This does not happen on RHEL5.5, so I think it qualifies as a regression in
> RHEL6.

Makes sense to me.  I didn't have a bug to track it yet, so this one will do.
Comment 9 Nalin Dahyabhai 2010-09-16 19:23:08 UTC 
Created attachment 447839 [details]
patch to never call dbus_connection_close()
Comment 14 errata-xmlrpc 2011-03-10 07:51:15 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0339.html
Note You need to log in before you can comment on or make changes to this bug.