Craig White wrote:
On Fri, 2005-08-26 at 12:48 -0400, Eric Feldhusen wrote:
John H Terpstra wrote:
On Friday 26 August 2005 10:07, Paul Gienger wrote:
What is your OS platform? Does it implement controls over permitted home directories and shells that can be specified to the useradd command? More than one Linux distro will NOT permit the creation of a user account (that is what a Windows domain member trust account is on the UNIX host) with a shell other than what is defined in /etc/shells, and some will not permit a home directory that consists of /dev/null. If your Linux distro has paranoid controls like that, a workaround is necessary. Here is a possible workaround:

add machine script = /usr/sbin/useradd -d /var/nodirs -g computers -s /bin/false '%u'

Note that the %u is quoted with single quotes.
Add to the /etc/shells:  /bin/false

Create the directory /var/nodirs with permissions set:
        chown root:root /var/nodirs
        chmod 550 /var/nodirs

In other words, all access to /var/nodirs prevents user ability to write to the directory. It should also have no contents.

- John T.

Will this work with Redhat Enterprise 3 & 4? Just curious, and I'm not in a position to check at the moment.

RHEL 3/4 support invalid shells and home directory of /dev/null so this
workaround shouldn't be necessary
Craig

But, from experience, RHEL3/4 doesn't support usernames with a $ at the end. The reasoning I've heard was it's not POSIX compliant. The fix I've heard is to replace the shadow-utils rpm in RHEL4 with the shadow-utils rpm from Fedora Core 3, but I do so hate to mix and match rpms considering I help manage nearly 100 servers with other people, so I like to keep them "standard" as much as possible.

--
Eric Feldhusen
System Administrator     http://www.remc1.org
PO Box 270              (906) 482-4520  x239
809 Hecla St            (906) 482-5031 fax
Hancock, MI  49930      (906) 370 6202 mobile
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
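
Added example, not part of the original thread: a shell check that audits the preconditions of the workaround described above (/bin/false listed in /etc/shells; /var/nodirs owned by root:root, mode 550, empty). The function name, the optional root-prefix argument and the EXPECT_OWNER variable are assumptions of this sketch, and it relies on GNU stat.

```sh
#!/bin/sh
# Added example, not from the thread: audit the workaround's preconditions.
# The function name, the optional ROOT prefix argument and EXPECT_OWNER are
# assumptions of this sketch. Uses GNU stat (-c), as found on Linux.

check_machine_account_workaround() {
    root="${1:-}"                        # empty prefix audits the live system
    expect_owner="${EXPECT_OWNER:-0:0}"  # root:root, expressed as uid:gid
    shells="$root/etc/shells"
    dir="$root/var/nodirs"
    failures=0

    # /bin/false must appear as a complete line, not as a substring.
    if ! grep -qx '/bin/false' "$shells" 2>/dev/null; then
        echo "FAIL: /bin/false is not listed in $shells"
        failures=$((failures + 1))
    fi

    # A symlink here would redirect every machine account's home directory.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing or is not a real directory"
        return $((failures + 1))
    fi

    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != "550" ]; then
        echo "FAIL: $dir has mode $mode, expected 550"
        failures=$((failures + 1))
    fi

    owner=$(stat -c '%u:%g' "$dir")
    if [ "$owner" != "$expect_owner" ]; then
        echo "FAIL: $dir is owned by $owner, expected $expect_owner"
        failures=$((failures + 1))
    fi

    # Run as root so the listing cannot fail on permissions.
    if [ -n "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo "FAIL: $dir is not empty"
        failures=$((failures + 1))
    fi

    if [ "$failures" -eq 0 ]; then
        echo "OK: workaround preconditions hold under ${root:-/}"
    fi
    return "$failures"
}
```

Called with no argument as root, the function audits the live system; its return status is the number of failed checks.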
