Re: [Freeipa-users] Centos 7 No permission to /home/..
Am Montag, 23. Februar 2015, 20:20:45 schrieb Jakub Hrozek: > On Mon, Feb 23, 2015 at 05:29:32PM +0100, Günther J. Niederwimmer wrote: > > I tested all (?), I have configured a ntp /mount for /home, Create a > > /home/user directory only on the ipa-server, nothing is working I have > > allways permission denied ? > > > > I found a Bug report for the oddjob-mkhomedir, to change the permission > > from 0002 to 0077 but now, I am on the end ? > > Which bugreport? IIRC there was one by Stef Walter which I can't find > right now described the default permissions, but it should still be > configurable.. I found this, http://stackoverflow.com/questions/23040225/incorrect-permissions-when-home-directory-is-automatically-created-in-freeipa -- mit freundlichen Grüßen / best Regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Centos 7 No permission to /home/..
On Mon, Feb 23, 2015 at 05:29:32PM +0100, Günther J. Niederwimmer wrote: > I tested all (?), I have configured a ntp /mount for /home, Create a > /home/user > directory only on the ipa-server, nothing is working I have allways > permission > denied ? > > I found a Bug report for the oddjob-mkhomedir, to change the permission from > 0002 to 0077 but now, I am on the end ? Which bugreport? IIRC there was one by Stef Walter which I can't find right now described the default permissions, but it should still be configurable.. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Centos 7 No permission to /home/..
-Original Message- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Günther J. Niederwimmer Sent: Monday, February 23, 2015 9:30 AM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Centos 7 No permission to /home/.. Hello, Am Montag, 23. Februar 2015, 09:55:06 schrieb Jakub Hrozek: > On Sun, Feb 22, 2015 at 10:19:32PM +0100, Günther J. Niederwimmer wrote: > > Hello, > > > > I have installed centos 7 and a ipa-server on a other system a > > second ipa- server. > > > > But I can't create a user home directory, not on the server and not > > on a > > ipa- client with autocreate ? > > > > Have any a hint on witch place I can search for this problem ? > > > > sssd ipa-server / client > > > > When you like info please tell me what? > > The first step is verifying that "getent passwd $user" actually > reports the home dir you'd like it to. It's especially important to > check with users from trusted AD domains. This is working, tell me "/home/" > Do you intend to auto-create the home directories on the clients or > have them mounted from a central location? In the former case, you > should check configuration of oddjob-mkhomedir, in the latter, you > should check the automounter configuration. I tested all (?), I have configured a ntp /mount for /home, Create a /home/user directory only on the ipa-server, nothing is working I have allways permission denied ? I found a Bug report for the oddjob-mkhomedir, to change the permission from 0002 to 0077 but now, I am on the end ? But on a ipa client a can't do chown -R :ipausers to change the permission. The ipausers Group is not found on a client? Is this a sssd problem? Now I uninstall all and start again ?. On my setup, group 'ipausers' is not a Posix Group and thus isn't relevant to any of the servers. If indeed oddjob_mkhomedir is creating users $HOME with 755 permissions, then you might want to have a root cron script running on the NFS server itself to set the permissions on a regular basis... ie. 0 * * * * chmod 0700 /home/* > /dev/null 2>&1 #Every hour on the hour, set /home/* to users only. Not an SSSD problem. Craig -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Centos 7 No permission to /home/..
Hello, Am Montag, 23. Februar 2015, 09:55:06 schrieb Jakub Hrozek: > On Sun, Feb 22, 2015 at 10:19:32PM +0100, Günther J. Niederwimmer wrote: > > Hello, > > > > I have installed centos 7 and a ipa-server on a other system a second ipa- > > server. > > > > But I can't create a user home directory, not on the server and not on a > > ipa- client with autocreate ? > > > > Have any a hint on witch place I can search for this problem ? > > > > sssd ipa-server / client > > > > When you like info please tell me what? > > The first step is verifying that "getent passwd $user" actually reports > the home dir you'd like it to. It's especially important to check with > users from trusted AD domains. This is working, tell me "/home/" > Do you intend to auto-create the home directories on the clients or have > them mounted from a central location? In the former case, you should > check configuration of oddjob-mkhomedir, in the latter, you should check > the automounter configuration. I tested all (?), I have configured a ntp /mount for /home, Create a /home/user directory only on the ipa-server, nothing is working I have allways permission denied ? I found a Bug report for the oddjob-mkhomedir, to change the permission from 0002 to 0077 but now, I am on the end ? But on a ipa client a can't do chown -R :ipausers to change the permission. The ipausers Group is not found on a client? Is this a sssd problem? Now I uninstall all and start again ?. -- mit freundlichen Grüßen / best Regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Centos 7 No permission to /home/..
On Sun, Feb 22, 2015 at 10:19:32PM +0100, Günther J. Niederwimmer wrote: > Hello, > > I have installed centos 7 and a ipa-server on a other system a second ipa- > server. > > But I can't create a user home directory, not on the server and not on a ipa- > client with autocreate ? > > Have any a hint on witch place I can search for this problem ? > > sssd ipa-server / client > > When you like info please tell me what? The first step is verifying that "getent passwd $user" actually reports the home dir you'd like it to. It's especially important to check with users from trusted AD domains. Do you intend to auto-create the home directories on the clients or have them mounted from a central location? In the former case, you should check configuration of oddjob-mkhomedir, in the latter, you should check the automounter configuration. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project