Bug 32169 – "su - $user" fails after making home directory via univention-mount-homedir

Bug 32169 - "su - $user" fails after making home directory via univention-mount-homedir


Summary:	"su - $user" fails after making home directory via univention-mount-homedir

Status:	RESOLVED WORKSFORME

Product:	UCS
Classification:	Unclassified
Component:	PAM
Version:	UCS 3.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-08-06 17:01 CEST by Philipp Hahn
Modified:	2021-05-14 15:42 CEST (History)
CC List:	5 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	1: Cosmetic issue or missing function but workaround exists
Who will be affected by this bug?:	4: Will affect most installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.046
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2019011121000939
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philipp Hahn

2013-08-06 17:01:42 CEST

[Ticket #2013061221001009] UCS Video Training

I created a user and tried "su - $user" when logged in as Administrator to switch to the new user, which fails on the first try, but succeeds on the second try:

Administrator@mas11:~$ LANG=C su - hahn
Password: 
Creating directory '/home/hahn'.
su: System error
Administrator@mas11:~$ LANG=C su - hahn
Password: 
hahn@mas11:~$ 

I can repeat the error by deleting the $HOME of that user.
The error does not happen with "ssh $user@host".

From /var/log/auth.log
Aug  6 16:50:36 mas11 su[2000]: Successful su for hahn by Administrator
Aug  6 16:50:36 mas11 su[2000]: + /dev/pts/0 Administrator:hahn
Aug  6 16:50:36 mas11 su[2000]: pam_unix(su:session): session opened for user hahn by Administrator(uid=2002)
Aug  6 16:50:37 mas11 su[2000]: pam_open_session: System error
Aug  6 16:50:45 mas11 su[2052]: Successful su for root by Administrator
Aug  6 16:50:45 mas11 su[2052]: + /dev/pts/0 Administrator:root
Aug  6 16:50:45 mas11 su[2052]: pam_unix(su:session): session opened for user root by Administrator(uid=2002)

It works when /etc/pam.d/common-session is changed to this:
#session    required   pam_runasroot.so program=/usr/sbin/univention-mount-homedir
session    required   pam_mkhomedir.so skel=/etc/skel umask=0066

May be a duplicate of Bug #17765

Comment 1 Stefan Gohmann

2017-06-16 20:39:26 CEST

This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4.

If this issue is still valid, please change the version to a newer UCS version otherwise this issue will be automatically closed in the next weeks.

Comment 2 Stefan Gohmann

2017-08-08 07:09:28 CEST

This issue has been filed against UCS 3.1.

UCS 3.1 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.

Comment 3 Christian Völker

2019-01-22 09:36:11 CET

Happened on customer. Asking for a fix.
Customer will soon upgrade to 4.3 so we should provide a fix for this version.

By uncommenting the line as commented by phahn it works (as workaround).

Comment 5 Stefan Gohmann

2019-01-22 09:43:34 CET

See the following UCR variables and Bug #23637:
 - homedir/create
 - homedir/mount
 - homedir/mount/required

Does it help?

Comment 6 Christian Völker

2019-01-22 11:14:09 CET

By setting homedir/mount/required=false the issue goes away.

Is this supposed to be a workaround or is it the fix for this bug?

Comment 7 Arvid Requate

2019-04-11 12:55:20 CEST

IMHO the basic question is, why does univention-mount-homedir fail here? Is it a configuration problem of the user object or a code rubustness problem?
Just a naive remark: maybe we should just switch the order of univention-mount-homedir and pam_mkhomedir?

Comment 8 Ingo Steuwer

2021-05-14 15:42:22 CEST

This issue has been filed against UCS 4.3.

UCS 4.3 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.