Testing further, the newer versions of the pam_mkhomedir module honour
the umask set in /etc/login.defs. So this has already been made consistent
across tools (useradd & so on). So the problem only exists in Jammy & older
Ubuntu releases.

pam_mkhomedir

The relevant part in /etc/login.defs (from Noble):
```
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
# home directories.
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
HOME_MODE       0750
```

This HOME_MODE is a recent addition and doesn't exist in Jammy or older.

pam_mkhomedir module honours this now. But anything specified in the "argv"
will override and will work exactly in the same way.

This was done through the change:
```
    pam_mkhomedir: use HOME_MODE or UMASK from /etc/login.defs.
    Follow the example of useradd(8) and set the user home directory mode
    to the value of HOME_MODE or UMASK configuration item from
    /etc/login.defs when umask option is not specified.
```

However, to not have HOME's umask in too many places, I think it's
better to have the Plucky change reverted so that there's one less config
file with umask.

To be clear, there's no problem as such with:
https://git.launchpad.net/ubuntu/+source/pam/commit/?id=c576b5c19abb383ce53dfc10a986d7cf164eaeaf

but I am of the opinion having one less source is better. Besides, Plucky was
unaffected by this issue due to HOME_MODE's existence now.

So I believe the correct approach is to SRU the fix only for older releases
(Jammy & Focal).
To that end, I request Alex to revert the Plucky merge. Sorry Alex, I should
have checked the newer releases for any potential fixes before proposing mine!
Hopefully, it's a straightforward revert.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957024

Title:
  pam-mkhomedir does not honor private home directories
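
The precedence described in the message above (the pam_mkhomedir umask argument first, then HOME_MODE, then UMASK from /etc/login.defs), as an added audit sketch that is not part of the original message or of the pam source. The function names and the sample configuration text are constructed for illustration, the `honours_login_defs` flag is a hypothetical switch modelling the older versus newer module, and the final 0022 fallback is assumed from the module's man page.

```python
import re

# Constructed sample inputs, not taken from a real system.
LOGIN_DEFS = "# HOME_MODE is used by useradd(8)\nUMASK 022\nHOME_MODE       0750\n"
PAM_PLAIN = "session optional pam_mkhomedir.so\n"
PAM_ARGV = "session optional pam_mkhomedir.so umask=0077\n"

def parse_login_defs(text):
    """Return {KEY: value} for the uncommented 'KEY value' lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            conf[parts[0]] = parts[1].strip()
    return conf

def pam_umask_option(pam_text):
    """umask= argument of the first active pam_mkhomedir line, else None."""
    for line in pam_text.splitlines():
        line = line.split("#", 1)[0]
        if "pam_mkhomedir.so" in line:
            m = re.search(r"\bumask=([0-7]+)", line)
            return m.group(1) if m else None
    return None

def effective_home_mode(pam_text, login_defs_text, honours_login_defs):
    """Return (mode, source) for a home directory created by pam_mkhomedir.

    honours_login_defs=False models the older module that ignores login.defs.
    """
    umask = pam_umask_option(pam_text)
    if umask is not None:                      # argv always wins
        return 0o777 & ~int(umask, 8), "pam umask option"
    if honours_login_defs:
        defs = parse_login_defs(login_defs_text)
        if "HOME_MODE" in defs:
            return int(defs["HOME_MODE"], 8), "login.defs HOME_MODE"
        if "UMASK" in defs:
            return 0o777 & ~int(defs["UMASK"], 8), "login.defs UMASK"
    # Assumption: module default umask of 0022, as documented in its man page.
    return 0o777 & ~0o022, "module default"

if __name__ == "__main__":
    for pam in (PAM_PLAIN, PAM_ARGV):
        for new in (False, True):
            mode, src = effective_home_mode(pam, LOGIN_DEFS, new)
            print(f"{pam.strip()!r} login.defs-aware={new}: {mode:04o} ({src})")
```

Feeding it the contents of the host's real login.defs and PAM session configuration shows whether newly created home directories end up world-readable (0755) or private.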
