package: x2goserver
When x2godbadmin is used with a postgres database, and the user name given doesn't yet have a home directory, it creates this home directory. (see line 368 and following of /usr/sbin/x2godbadmin).
However, it fails to set the proper UID/GID ownerships for /home/<username> - only the files below it have the proper ownership.
The proper way to determine the correct UID for /home/<username> is simple - use the UID that has been determined previously and that is used as $uid within /usr/sbin/x2godbadmin.
The proper way to determine the correct *GID* is more tricky, I believe. I can only speak for Debian here - this may be distribution-specific:
You need to check if /etc/default/useradd contains a line USERGROUPS_ENAB=yes (which might also be "yes", or 'yes', or Yes, YES, ... you get the idea)
Check if that value is set to any variant of yes, or not set at all:
  If yes:
    Check if the user already has a group named after them:
      If yes, use the GID of that group.
      If no, create a new group with a name matching the username, and assign the GID of that group.
  If no (meaning the value is set to any variant of no, "no", 'no', No, etc.):
    Check if /etc/default/useradd contains a valid GID value for a variable named GROUP:
      If it does, assign that GID.
      If it doesn't, assign GID 100.
This pseudocode builds on the documentation found in "man useradd" on Debian Jessie, after confirming the default value of USERGROUPS_ENAB is, in fact, "unset".
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
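The GID decision described in the report above, as an added example (not code from x2godbadmin or from the reporter). The function names, the `groups` dictionary standing in for the group database, and the reading of "valid GID" as "numeric and present in the group database" are assumptions; the parser accepts both `KEY=value` and `KEY value` lines and takes the configuration text as a parameter.

```python
import re

DEFAULT_GID = 100  # fallback GID named in the report


def read_setting(conf_text, key):
    """Return the last value given for key (quotes stripped), or None if unset."""
    value = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2 and parts[0] == key:
            value = parts[1].strip().strip("\"'")
    return value


def choose_home_gid(username, conf_text, groups):
    """Decide the GID for /home/<username>.

    groups maps group name -> GID and stands in for the group database
    (assumption). Returns (gid, create_group); gid is None when a group
    named after the user has to be created first and its new GID used.
    """
    enab = read_setting(conf_text, "USERGROUPS_ENAB")
    if enab is None or enab.lower() == "yes":        # "yes" in any case, or unset
        if username in groups:
            return groups[username], False
        return None, True
    # Any other value is treated as "no" (assumption; the report only
    # covers yes/no variants).
    group = read_setting(conf_text, "GROUP")
    if group and re.fullmatch(r"[0-9]+", group) and int(group) in groups.values():
        return int(group), False
    return DEFAULT_GID, False


# Constructed sample input, not taken from a real system.
SAMPLE_GROUPS = {"users": 100, "staff": 50, "alice": 1001}
SAMPLE_CONF = "# useradd defaults\nUSERGROUPS_ENAB='No'\nGROUP=\"50\"\n"

if __name__ == "__main__":
    print(choose_home_gid("alice", SAMPLE_CONF, SAMPLE_GROUPS))
    print(choose_home_gid("bob", "", SAMPLE_GROUPS))
```
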
On 07.02.2017 at 23:14, Nable wrote:
Well, there already is code in there that is doing it - it just does it wrong in this particular case. Of course, we could argue that the entire piece of code should be removed - but how would you handle things in this particular case? Having no /home/<username> is something that is most likely to happen with non-local accounts. pam_mkhomedir fixes this and creates it on the spot - IF, and only IF the user logs in. x2godbadmin, however, needs to be run
-> chicken and egg.
So - to expand this bug - what we'd need is some piece of code that does what pam_mkhomedir does (not only create the directory and set ownership/permissions, *but also* populate it with the contents of /etc/skel) - but for a user other than the one that's currently logged in. Are you aware of anything that does that and that we could call?
-Stefan
I've also seen posts (e.g.[1]) about `oddjob-mkhomedir' (and I've already seen it in Debian repos) but I wonder if this way is production-ready. And this way seems to be more complex.
Hi,
To add my 2 cents, I worked around this by creating a small helper script for provisioning my accounts which does the x2godbadmin --adduser stuff + a few other things (provisioning the /etc/skel content, setting right user perms, ...)
I don't think it is mandatory to expand these features inside the script but creating good documentation about those scripts (and I include scripts such as x2golistsession, x2goterminatesession, ...) and good error reporting would be great because it's very hard to know what they do unless you tap directly inside the code itself (which I did at the end).
Regards, Walid Moghrabi
TRAVAUX.COM BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403 13591 AIX EN PROVENCE CEDEX 3
----- Original message -----
From: "Nable" <nable.maininbox@googlemail.com>
To: "Stefan Baur" <X2Go-ML-1@baur-itcs.de>
Cc: 1145@bugs.x2go.org
Sent: Wednesday, 8 February 2017 02:32:52
Subject: [X2Go-Dev] Bug#1145: Bug#1145: x2godbadmin + postgres + non-existent home directory = wrong ownerships
I've also seen posts (e.g.[1]) about `oddjob-mkhomedir' (and I've already seen it in Debian repos) but I wonder if this way is production-ready. And this way seems to be more complex.
[1] https://access.redhat.com/discussions/903523
On 07.02.2017 at 23:41, Stefan Baur wrote:
Ha, I think I found a way to "hatch the egg"!
As root, do:
su <username> -s /bin/true   # this triggers pam_mkhomedir for <username>
x2godbadmin --adduser <username>
We *might* consider adding that inside x2godbadmin, but would have to make sure it is only used if pam_mkhomedir is in use/users are non-local users (because it won't do the trick if it's a local user account that doesn't have a home directory yet).
-Stefan