NAME¶

oddjobd-mkhomedir.conf - allow limited use of the mkhomedir functions

DESCRIPTION¶

The /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf is typically processed along with other files in the /etc/oddjobd.conf.d directory.

The mkhomedir helper itself accepts these options:

-f

Restore behavior before CVE-2020-10737 was fixed: create the home directory with user's ownership directly rather than create it as a root and only after populating it change to the user's ownership. The former behavior is insecure but may be used to allow creation of NFS-mounted home directories when non-Kerberos authentication is in use. It is prone for a race condition that could be exploited in the NFS-mounted home directories use case. To avoid CVE-2020-10737, do not use -f option in production environments.

-q

Refrain from outputting the usual "Creating home directory..." message when it creates a home directory.

-n

Only create the home directory; do not populate it using the contents of the skeleton directory.

-s

Override the location of the skeleton directory (by default: /etc/skel).

-u

Specify a umask whose bits are masked off of contents of the skeleton directory while they are copied to the user's new home directory. The default is read from /etc/login.defs by taking HOME_MODE and UMASK values, in this order. First found value persists.

SEE ALSO¶

oddjob.conf(5) login.defs(5)