Giving users a home directory automatically

Posted by Steve on Thu 8 Jun 2006 at 09:33

If you are using LDAP or NIS to manage users you might discover users having problems because they don't have a home directory on each machine they can connect to. Thankfully there is a simple solution for creating home directories upon demand for users.

The Pluggable Authentication Modules library, or PAM, is a collection of shared libraries which control how users log in to systems. There are a number of modules installed which can be used to restrict user access to systems in different ways. There are also several utility modules which can be used to customise login behaviour.

In the past we've shown how to limit the times of day users can log in by making use of the pam_time.so library.

Amongst the utility libraries included as standard with your Debian GNU/Linux installation (located in the directory /lib/security) is pam_mkhomedir.so which can be used to create a new home directory for users who do not already have one.

To enable this module we need to add the following line to /etc/pam.d/common-account:

session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022

The common-account file is included by several other authentication files, so it will take effect for remote SSH logins, local GDM logins, and console logins too.

The parameters we've chosen should be pretty self-explanatory: skel is used to specify a directory containing files which should be copied into the new home directory. umask specifies the umask to use for the directory creation.
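
Since the umask option decides who else on the machine can read a newly created home directory, it is worth checking what a given setting produces. The script below is an added example, not part of the original article: it reads a PAM configuration file and reports the directory mode implied by each active pam_mkhomedir.so line. The helper names dir_mode and audit_mkhomedir are hypothetical, the sample file is constructed, and the mode is assumed to be 0777 masked by the umask= value.

```shell
#!/bin/sh
# Added example (not from the original article): audit pam_mkhomedir.so lines.

# dir_mode UMASK: mode of a directory created under UMASK, assuming the
# result is 0777 masked by the umask (umask=0022 gives 0755).
dir_mode() {
    case $1 in ''|*[!0-7]*) return 1 ;; esac    # octal digits only
    printf '%04o\n' $(( 0777 & ~0$1 ))
}

# audit_mkhomedir FILE: one report line per active pam_mkhomedir.so entry:
#   <type> umask=<value> mode=<mode> <verdict>
audit_mkhomedir() {
    grep -v '^[[:space:]]*#' "$1" | grep 'pam_mkhomedir\.so' |
    while read -r type rest; do
        set -f                                  # no globbing on option words
        mask=
        for word in $rest; do
            case $word in umask=*) mask=${word#umask=} ;; esac
        done
        if [ -z "$mask" ]; then
            # No umask= option: the result depends on the module's defaults.
            echo "$type umask=unset mode=unknown check-module-default"
        elif ! mode=$(dir_mode "$mask"); then
            echo "$type umask=$mask mode=unknown invalid-umask"
        elif [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$type umask=$mask mode=$mode group-or-other-access"
        else
            echo "$type umask=$mask mode=$mode owner-only"
        fi
    done
}

# Constructed sample input: the article's line, a stricter variant, an entry
# without umask=, and a commented-out entry that must be ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# session required pam_mkhomedir.so umask=0000
session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0077
session    optional   pam_mkhomedir.so
EOF
audit_mkhomedir "$sample"
rm -f "$sample"
```

The article's umask=0022 yields a 0755 home directory that other local users can list and enter; umask=0077 yields 0700.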

As an example of how this works we'll add a temporary user to our system:

root@lappy:~# useradd  pamtest
root@lappy:~# ls /home/pamtest
ls: /home/pamtest: No such file or directory

Notice how there is no home directory? If we attempt to login to that account now it will be created for us:

root@lappy:~# su - pamtest
Creating directory '/home/pamtest'.
pamtest@lappy:~$ 

Remember to remove this account once you've satisfied yourself that the module is working as expected:

pamtest@lappy:~$ exit
logout
root@lappy:~# userdel  pamtest
root@lappy:~# rm -rf /home/pamtest/

This solution is very simple to implement, and can be useful in a lot of situations. If you're in a large environment you might find using an automounter more useful - this would allow you to mount an NFS home directory for each user who logs in. The big advantage of this approach is that each user's home directory is identical regardless of which system they log in to.



This article is copyright 2006 Steve - please ask for permission to republish or translate.