Bug 371067 - pam_kwallet.so erroneously creates home directories
Summary: pam_kwallet.so erroneously creates home directories
Status: RESOLVED WORKSFORME
Alias: None
Product: kwallet-pam
Classification: Frameworks and Libraries
Component: general (show other bugs)
Version: 5.5.5
Platform: Kubuntu Linux
: NOR normal
Target Milestone: ---
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-10-18 09:38 UTC by C.P.A.vanrun
Modified: 2022-11-25 05:22 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description C.P.A.vanrun 2016-10-18 09:38:30 UTC
I am in the process of configuring a system wherein users' home directories are created via the session pam module pam_mkhomedir.so. However, the module pam_kwallet*.so creates the home directory before the common-session pam modules are activated. 

Having pam_kwallet*.so create the home directory results in the home directories having incorrect permissions and the default copy from /etc/skel/ being ignored. A better solution would be to have the pam_kwallet.so fail gracefully if the home directory does not exist yet.
I am using SDDM as login/display manager (pam config in additional info). 

Reproducible: Always

Steps to Reproduce:
1. Use sddm (or another display manager with PAM auth set up with pam_kwallet) to login when no homefolder for said user exists yet

Actual Results:  
pam_kwallet*.so creates the home directory with default umask (distro dependend) and pretty empty considering it ignores /etc/skel/.

Expected Results:  
pam_kwallet*.so fails gracefully letting the rest of the session stack handle the creation of the home directory.

I am running the following related packages on kubuntu 16.04.03

SDDM package : 0.13.0-1ubuntu5
libpam-kwallet4: 4:5.5.5-0ubuntu1
libpam-kwallet5: 4:5.5.5-0ubuntu1

/etc/pam.d/sddm contains:

#%PAM-1.0

# Block login if they are globally disabled
auth    requisite       pam_nologin.so
auth    required        pam_succeed_if.so user != root quiet_success

# auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
# gnome_keyring breaks QProcess
-auth   optional        pam_gnome_keyring.so
-auth   optional        pam_kwallet.so
-auth   optional        pam_kwallet5.so

@include common-account

# SELinux needs to be the first session rule.  This ensures that any
# lingering context has been cleared.  Without this it is possible that a
# module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
# Create a new session keyring.
session optional        pam_keyinit.so force revoke
session required        pam_limits.so
session required        pam_loginuid.so
session required        pam_systemd.so
@include common-session
# SELinux needs to intervene at login time to ensure that the process starts
# in the proper default security context.  Only sessions which are intended
# to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-session optional       pam_gnome_keyring.so auto_start
-session optional       pam_kwallet.so auto_start
-session optional       pam_kwallet5.so auto_start

@include common-password

# From the pam_env man page
# Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack.

# Load environment from /etc/environment
session required        pam_env.so

# Load environment from /etc/default/locale
session required        pam_env.so envfile=/etc/default/locale

 in common-session pam_kwallet?.so should fail gracefully if the user home directory does not yet exist.
Comment 1 C.P.A.vanrun 2016-10-18 09:45:42 UTC
I forgot tho mention that removing libpam-kwallet4/5 resolves my problem and so does removing the following lines from the /etc/pam.d/sddm configuration:

-auth   optional        pam_kwallet.so
-auth   optional        pam_kwallet5.so
Comment 2 C.P.A.vanrun 2016-10-18 09:46:15 UTC
Related: https://bugs.mageia.org/show_bug.cgi?id=16143 S
Comment 3 Justin Zobel 2022-10-26 03:07:13 UTC
Thank you for reporting this bug in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 4 Bug Janitor Service 2022-11-10 05:12:32 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 5 Bug Janitor Service 2022-11-25 05:22:45 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!