On Sat, 2004-06-26 at 12:18, Stephen Touset wrote:
> On Sat, 2004-06-26 at 11:52, John Summerfield wrote:
> > Who owns the directory etc this creates? Who is the cp command being 
> > run as?
> > 
> > Are the sudo and maildirmake in the right order?
> 
> The problem was with permissions. However, I'm going through hell right
> now trying to set up a sudoers file that will allow users to create
> their own home directories. The key problem is creating it with *their*
> permissions. If I can just be able to create a directory with specified
> permissions, *without* having the utility change the permissions on an
> already made directory, I'll be happy.
> 
> Problems so far:
> 
> /bin/install -o user does the trick, but if you call it on a directory
> that already exists, it has its owner changed to user.
> 
> /bin/mkdir has no way of specifying the owner, and I'm NOT going to
> allow every user to do a `sudo chown` for obvious reasons.

I believe I found a solution. I created a file /usr/bin/create_home, and
allowed it to be executed via sudo. Its contents are printed below.

[EMAIL PROTECTED]:~$ cat /usr/bin/create_home
> #!/bin/dash
> 
> su - $1 -c exit

I believe this to be the optimal solution for several reasons:
 * No messy /etc/sudoers with possible security leaks
 * Not allowing users access to dangerous utilities such as
     chown, install, chgrp, etc.
 * Uses already existing PAM infrastructure, so if home directory
     structure, pam_mkhomedir, etc is changed, it doesn't have to
     be done in the script as well.

If anyone sees a problem with this solution, let me know.

-- 
Stephen Touset <[EMAIL PROTECTED]>

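A variant of the create_home wrapper quoted above with argument checks, as an added example that is not part of the original message: since the script runs as root through sudo and hands its argument to su, it accepts exactly one argument, requires a plain account name, and requires a regular account before calling su. MIN_UID, the name pattern, and the helper names valid_name and regular_uid are assumptions to adjust to local policy.

```shell
#!/bin/sh
# Added example: argument checks for a sudo-invoked wrapper like create_home.
# MIN_UID and the accepted name pattern are assumptions, not from the post.
MIN_UID=1000

# Return 0 only if $1 is a plain account name that is safe to hand to su.
valid_name() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;  # empty, option-like, or odd characters
    esac
    [ "${#1}" -le 32 ]
}

# Return 0 only if the numeric uid $1 belongs to a regular (non-system) account.
regular_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # not a number
    esac
    [ "$1" -ge "$MIN_UID" ]
}

create_home() {
    [ "$#" -eq 1 ] || { echo "usage: create_home USER" >&2; return 2; }
    valid_name "$1" || { echo "create_home: invalid user name" >&2; return 1; }
    uid=$(id -u "$1" 2>/dev/null) || { echo "create_home: no such user" >&2; return 1; }
    regular_uid "$uid" || { echo "create_home: refusing system account" >&2; return 1; }
    # Same mechanism as the original script: open a login session so the PAM
    # session stack (for example pam_mkhomedir) runs, then leave immediately.
    # The argument is quoted so it always reaches su as a single word.
    su - "$1" -c exit
}

# Run only when installed under the name create_home, not when sourced.
case "${0##*/}" in
    create_home) create_home "$@" ;;
esac
```

The matching sudoers entry would name only this script, so the checks above are the whole interface a user gets.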