On Sat, 2004-06-26 at 12:18, Stephen Touset wrote:
> On Sat, 2004-06-26 at 11:52, John Summerfield wrote:
> > Who owns the directory etc this creates? Who is the cp command being
> > run as?
> >
> > Are the sudo and maildirmake in the right order?
>
> The problem was with permissions. However, I'm going through hell right
> now trying to set up a sudoers file that will allow users to create
> their own home directories. The key problem is creating it with *their*
> permissions. If I can just be able to create a directory with specified
> permissions, *without* having the utility change the permissions on an
> already made directory, I'll be happy.
>
> Problems so far:
>
> /bin/install -o user does the trick, but if you call it on a directory
> that already exists, it has its owner changed to user.
>
> /bin/mkdir has no way of specifying the owner, and I'm NOT going to
> allow every user to do a `sudo chown` for obvious reasons.

I believe I found a solution. I created a file /usr/bin/create_home, and
allowed it to be executed via sudo. Its contents are printed below.

[EMAIL PROTECTED]:~$ cat /usr/bin/create_home
> #!/bin/dash
>
> su - $1 -c exit

I believe this to be the optimal solution for several reasons:

* No messy /etc/sudoers with possible security leaks
* Not allowing users access to dangerous utilities such as chown,
  install, chgrp, etc.
* Uses already existing PAM infrastructure, so if home directory
  structure, pam_mkhomedir, etc is changed, it doesn't have to be done
  in the script as well.

If anyone sees a problem with this solution, let me know.

-- 
Stephen Touset <[EMAIL PROTECTED]>
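
A hardened variant of the create_home wrapper from the message above, as an added example that is not part of the original post: it passes the argument to su as exactly one quoted word, accepts only plain account names, and refuses accounts below a minimum UID. The MIN_UID value of 1000, the 32-character limit, the name pattern and the exit codes are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: hardened take on /usr/bin/create_home (not the original script).
LC_ALL=C; export LC_ALL      # make the a-z ranges below byte-exact
MIN_UID=1000                 # assumption: regular accounts start here

# True only for a plain account name: no leading dash, no spaces or
# shell metacharacters, at most 32 characters (assumed site policy).
valid_username() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 32 ] || return 1
    case "$1" in
        -*|*[!a-z0-9_-]*) return 1 ;;
        [a-z_]*)          return 0 ;;
        *)                return 1 ;;
    esac
}

# True when the numeric UID belongs to a regular (non-system) account.
allowed_uid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$MIN_UID" ]
}

create_home() {
    [ "$#" -eq 1 ] || { echo "usage: create_home USER" >&2; return 64; }
    valid_username "$1" || { echo "create_home: bad user name" >&2; return 65; }
    uid=$(id -u "$1" 2>/dev/null) || { echo "create_home: no such user" >&2; return 67; }
    allowed_uid "$uid" || { echo "create_home: refusing system account" >&2; return 77; }
    # Quoted so the value reaches su as exactly one argument; the login
    # session lets PAM (e.g. pam_mkhomedir) create the directory.
    su - "$1" -c exit
}

# Run only when installed under the expected name, so the functions can
# be sourced and tested without invoking su.
case "${0##*/}" in create_home) create_home "$@" ;; esac
```
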