8000 Create home directory in filemin if not exist by seabres · Pull Request #1153 · webmin/webmin · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Create home directory in filemin if not exist #1153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Create home directory in filemin if not exist #1153

wants to merge 1 commit into from

Conversation

seabres
Copy link
Contributor
@seabres seabres commented Dec 3, 2019

Filemin stores the user configuration in the home directory of the user itself. But it creates the config directory after switching to the desired user account.

If PAM is configured with makehomedir plugin, home directories may not exist until the user first login and cannot be created by the switched Webmin user.
On use of filemin as replacement for interactive login, this is not possible before creating home directory by root or PAM module with suid rights.. When using Webmin on multiple servers in a LDAP domain, this cannot be handled.

This patch creates the home directory of the user to switch to before switching to the user in case not existing and apply access right defaults for home directories.
Afterwards handling of filemin config files can process as before.

@jcameron
Copy link
Collaborator
jcameron commented Dec 4, 2019

Actually you can get this same behavior already by adding the line create_homedir=1 to /etc/webmin/config

@chris001
Copy link
chris001 commented Dec 5, 2019

Actually you can get this same behavior already by adding the line create_homedir=1 to /etc/webmin/config

Should this setting create_homedir=1 be the default setting ?

@jcameron
Copy link
Collaborator
jcameron commented Dec 6, 2019

Probably not, as it applies any time the user logs into Webmin, and so could create home dirs in cases where the admin doesn't really want it.

@seabres
Copy link
Contributor Author
seabres commented Dec 7, 2019

Agree with Jamie, create_homedir=1 shall not be default.
But there is a difference between create_homedir and this patch.

From my current knowledge filemin is the only module, which requires a homedir.
The setting create_homedir creates the homedir unconditional, even if the user has no access to filemin module. In installations with many machines and many user with several user levels (access rights via ldap) this results very fast having homedir for every user on every machine, even if Webmin is used instead of shell.
This patch creates it only on demand, if the user has access to filemin and the user uses it.

Is it preferred to share code with create_homedir ?
If yes, i can rewrite the patch accordingly.

@swelljoe
Copy link
Collaborator
swelljoe commented Dec 7, 2019

This feels problematic. It seems like Filemin shouldn't require a home directory. It assumes a Webmin user has a matching system user, which isn't always true.

So the problem is that Filemin makes assumptions that it shouldn't, and the solution probably isn't for it to try to re-shape the world to fit its wrong assumptions.

@chris001
Copy link
chris001 commented Dec 7, 2019

I guess, most service accounts and some user accounts, shouldn't have a home directory created for them, by default.

@swelljoe
Copy link
Collaborator
swelljoe commented Dec 7, 2019

I'd guess it's maybe using home to store configuration, but Webmin has user configuration storage already (in various locations in /etc/webmin) and functions for handling it.

@jcameron
Copy link
Collaborator
jcameron commented Dec 8, 2019

I assume the problem is that filemin is configured to limit the user to their home directory, but this doesn't work if there is no home dir?

@seabres
Copy link
Contributor Author
seabres commented Dec 10, 2019

filemin stores the configuration in users home directory, regardless of the configured directory limits for the user. The configuration in this case is which columns to display and how.
Agree, it is maybe no proper idea to store it in homedir. In case of using ldap based user accounts, the homedir approach is bad, because it applies only for one server.

So, we would have two options:

  • store as ACL
    pro: applies to all servers same
    con: user may not be able to configure display columns any more
  • store in /etc/webmin/filemin
    pro: user can configure display columns
    con: applies only to one server
    Dependent on the preferred solution, i can rewrite the patch for the desired configuration storage method and avoid homedir creation.

@iliaross iliaross force-pushed the master branch 2 times, most recently from 6ec1f01 to 75f0ca4 Compare April 13, 2020 21:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@seabres @jcameron @chris001 @swelljoe
0