From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 25 May 2023 17:49:35 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1q2DDd-00DxrB-2g for lore@lore.pengutronix.de; Thu, 25 May 2023 17:49:35 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1q2DDa-0001Vi-35; Thu, 25 May 2023 17:49:34 +0200 Received: from www133.your-server.de ([88.198.195.18]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q2DD2-0001VY-QG for ptxdist@pengutronix.de; Thu, 25 May 2023 17:49:01 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tb6.eu; s=default2109; h=Content-Transfer-Encoding:Content-Type:In-Reply-To: References:To:Subject:From:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID; bh=wT8Ee9g0OqYZoODKVrTkrgSJstKX3AAGL2Ci2AkKWSk=; b=QDkVRVTY0oVKbiBLap8b5tcwiN ukLtwgKrFtPZiuY94Ds3MEsPYW6WUxOxMFPLqm3ScWnu1WrVhL45r127HfMmw949kal5586yq3oEm nqxvxU/GS0wM3GqGXdyziEmX7Po/IKwawLBwv2Qs/jDh6uHmmIWVibxI0e0pTPV1e6+MHb5diLWyl 2GGUgk6M4yruXk9qAn+jImE/h6kulPOrf4OYPwQEgG14+aRE8UAQ4KzFB6vMiMoMSKIswTr1Wjid2 6cQ5V6iAJmc17awNUG92/T+gdafXBTgLhFA088QleuV/Z06odGpBKLpBWzhWyZa1voqKKgNgK5Mqq fky5BFFw==; Received: from sslproxy06.your-server.de ([78.46.172.3]) by www133.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1q2DD2-000K1M-4z for ptxdist@pengutronix.de; Thu, 25 May 2023 17:48:59 +0200 Received: from [178.26.178.191] (helo=[192.168.0.126]) by sslproxy06.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q2DD1-000FPx-LG for ptxdist@pengutronix.de; Thu, 25 May 2023 17:48:59 +0200 Message-ID: <65ac4216-04f6-c496-a292-ab0703425aaa@tb6.eu> Date: Thu, 25 May 2023 17:48:58 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 From: Tamino Bauknecht To: ptxdist@pengutronix.de References: <20230519134710.9618-1-dev@tb6.eu> Content-Language: en-US In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Authenticated-Sender: dev@tb6.eu X-Virus-Scanned: Clear (ClamAV 0.103.8/26918/Thu May 25 09:25:14 2023) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: Re: [ptxdist] [PATCH] pam: add installation of /sbin/mkhomedir_helper X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Hi Ladis, independent of my use case, I considered this to be a bug because the library pam_mkhomedir.so is installed on the target but doesn't work without this addition. The use case is that when providing an LDAP login via PAM to SSH (for target maintenance with a central credential management), it can be convenient to have auto-created home directories for new users. Although I guess this is not quite the standard use of ptxdist, I think that it can be misleading to have non-working libraries installed on the device (especially because a misconfiguration in PAM can lead to trouble with accessing the target). Since the binary is quite small (~20kB), the inclusion might be worth it even though it won't be required by the majority of users. On 5/24/23 11:30, Ladislav Michl wrote: > Hi Tamino, > > On Fri, May 19, 2023 at 03:47:10PM +0200, Tamino Bauknecht wrote: >> This binary is required by the PAM library pam_mkhomedir.so which is >> installed to '/usr/lib/security'. If used in a PAM configuration, a >> home directory will be automatically created when a user logs in. >> Without this helper, the library will fail with an error. > could you provide more informations about your use case? As PTXdist > is not normally used to build "user friendly" distribution, there > are no users logging in... > > ladis > >> Signed-off-by: Tamino Bauknecht >> --- >> rules/pam.make | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/rules/pam.make b/rules/pam.make >> index 6e97e3320..df86c8da0 100644 >> --- a/rules/pam.make >> +++ b/rules/pam.make >> @@ -84,6 +84,8 @@ $(STATEDIR)/pam.targetinstall: >> @$(call install_alternative, pam, 0, 0, 0644, /etc/security/pam_env.conf) >> @$(call install_alternative, pam, 0, 0, 0644, /etc/security/time.conf) >> >> + @$(call install_alternative, pam, 0, 0, 0755, /sbin/mkhomedir_helper) >> + >> @$(call install_finish, pam) >> >> @$(call touch) >> -- >> 2.40.1 >>