URL: https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for empty home directories

jhrozek commented:
"""
> On Tue, 2018-12-04 at 04:51 -0800, Jakub Hrozek wrote:
>
> Thanks, this passes the test. And of course the patch is correct, but after
> some more testing, I wonder if we should at least for one release default to
> fallback_homedir=$something at least for the AD provider. Because now with
> the completely minimal AD provider configuration (no POSIX attrs, ID mapping
> only) I can't log in with an AD user:
> ```
> $ getent passwd ***@***.***
> ***@***.***:*:215000500:215000513:Administrator::/bin/bash
> $ su - ***@***.***
> su: user ***@***.*** does not exist
> ```
> Note that this is minimal config, realmd already adds fallback_homedir.
>
> Why this fails? Because of the missing homedir?

Yes, su checks the homedir:
```
        /* Reject the account if any required passwd field is missing or empty. */
        su->pwd = xgetpwnam(su->new_user, &su->pwdbuf);
        if (!su->pwd
            || !su->pwd->pw_passwd
            || !su->pwd->pw_name || !*su->pwd->pw_name
            || !su->pwd->pw_dir  || !*su->pwd->pw_dir)
                errx(EXIT_FAILURE, _("user %s does not exist"), su->new_user);
```
ssh is more permissive and places you at `/`

> Or at least we should IMO add some backwards compatible handling when this
> patch makes it to fedora or RHEL otherwise admins might not be happy. From
> purely upstream point of view this change is probably OK with me.
>
> I think the AD provider should synthetize a home dir by default, without any
> specific option being set, it's what is considered normal also in winbind
> land, in fact I would look closely at what winbind does and do the same for
> AD users by default. If fallback_homedir is set, skip the default and use
> what that setting specifies.

Then why not set a default value for fallback homedir? :-)

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/703#issuecomment-444106317
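
Added example, not part of the original comment or of any project's code: a small C checker that applies the same field test as the quoted su snippet to passwd(5)-format lines, so `getent passwd` output can be audited for entries su would refuse. The function names and the sample entry are constructed for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Split one passwd(5) line in place. strchr() rather than strtok(), which
 * collapses "::" and would hide the empty field. uid/gid are not converted
 * because the check does not use them. 0 = ok, -1 = not exactly 7 fields. */
int parse_passwd_line(char *line, struct passwd *pw)
{
    char *f[7], *p = line;
    int n = 0;
    line[strcspn(line, "\n")] = '\0';
    while (n < 7) {
        char *colon = strchr(p, ':');
        f[n++] = p;
        if (!colon) break;          /* last field on the line */
        if (n == 7) return -1;      /* an eighth field follows */
        *colon = '\0';
        p = colon + 1;
    }
    if (n != 7) return -1;
    pw->pw_name = f[0];  pw->pw_passwd = f[1]; pw->pw_gecos = f[4];
    pw->pw_dir = f[5];   pw->pw_shell = f[6];
    return 0;
}

/* Same field test as the su snippet quoted above: 1 if su would proceed,
 * 0 if it would fail with "user ... does not exist". */
int su_accepts(const struct passwd *pw)
{
    return pw && pw->pw_passwd && pw->pw_name && *pw->pw_name
        && pw->pw_dir && *pw->pw_dir;
}

/* 1 = accepted, 0 = rejected by the check, -1 = malformed line. */
int check_line(const char *line)
{
    char buf[512];
    struct passwd pw = {0};
    snprintf(buf, sizeof buf, "%s", line);
    return parse_passwd_line(buf, &pw) ? -1 : su_accepts(&pw);
}

int main(void)
{
    /* Constructed entry with an empty home directory field. */
    const char *s = "aduser:*:215000500:215000513:Administrator::/bin/bash";
    printf("su check: %d\n", check_line(s));
    return 0;
}
```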