URL:
https://github.com/SSSD/sssd/pull/703
Title: #703: nss: sssd returns '/' for empty home directories
jhrozek commented:
"""
On Tue, 2018-12-04 at 04:51 -0800, Jakub Hrozek wrote:

Thanks, this passes the test. And of course the patch is correct, but after some more
testing, I wonder if we should at least for one release default to
fallback_homedir=$something at least for the AD provider. Because now with the completely
minimal AD provider configuration (no POSIX attrs, ID mapping only) I can't log in with an
AD user:

```
$ getent passwd ***(a)***.***
***@***.***:*:215000500:215000513:Administrator::/bin/bash
$ su - ***(a)***.***
su: user ***(a)***.*** does not exist
```

Note that this is minimal config, realmd already adds fallback_homedir.

Why does this fail? Because of the missing homedir?

Yes, su checks the homedir:
```
	su->pwd = xgetpwnam(su->new_user, &su->pwdbuf);
	if (!su->pwd
	    || !su->pwd->pw_passwd
	    || !su->pwd->pw_name || !*su->pwd->pw_name
	    || !su->pwd->pw_dir || !*su->pwd->pw_dir)
		errx(EXIT_FAILURE, _("user %s does not exist"),
		     su->new_user);
```
ssh is more permissive and places you at `/`

Or at least we should IMO add some backwards compatible handling when this patch makes it
to Fedora or RHEL, otherwise admins might not be happy. From a purely upstream point of
view this change is probably OK with me.

I think the AD provider should synthesize a home dir by default, without any specific
option being set, it's what is considered normal also in winbind land, in fact I would
look closely at what winbind does and do the same for AD users by default. If
fallback_homedir is set, skip the default and use what that setting specifies.

Then why not set a default value for fallback homedir? :-)
"""
See the full comment at
https://github.com/SSSD/sssd/pull/703#issuecomment-444106317
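
The `su` condition quoted in the comment above can be applied to `getent passwd` output to find entries that would be rejected for an empty home directory. This is an added example, not code from the comment, SSSD or util-linux; the function names `split_passwd_line` and `su_accepts_passwd_line` are hypothetical and the sample entries are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Field order of a passwd(5) line. */
enum { F_NAME, F_PASSWD, F_UID, F_GID, F_GECOS, F_DIR, F_SHELL, F_COUNT };

/* Split on every ':' so empty fields survive; strtok() would merge "::"
 * and shift the shell into the home-directory slot. Returns 0 or -1. */
static int split_passwd_line(char *line, char *field[F_COUNT])
{
    size_t n = 0;
    char *p = line;

    line[strcspn(line, "\n")] = '\0';
    field[n++] = p;
    while ((p = strchr(p, ':')) != NULL) {
        *p++ = '\0';
        if (n == F_COUNT)
            return -1;              /* more than seven fields */
        field[n++] = p;
    }
    return n == F_COUNT ? 0 : -1;   /* fewer than seven fields */
}

/* Empty-string part of the su condition: 1 = accepted, 0 = su would
 * print "user ... does not exist", -1 = malformed line. */
int su_accepts_passwd_line(const char *line)
{
    char buf[1024], *f[F_COUNT];

    if (strlen(line) >= sizeof(buf))
        return -1;
    strcpy(buf, line);
    if (split_passwd_line(buf, f) != 0)
        return -1;
    return *f[F_NAME] != '\0' && *f[F_DIR] != '\0';
}

int main(void)
{
    /* Constructed sample entries; the second has an empty home directory. */
    const char *samples[] = {
        "alice:x:1000:1000:Alice:/home/alice:/bin/bash",
        "aduser@example.test:*:215000500:215000513:Administrator::/bin/bash",
    };
    for (size_t i = 0; i < 2; i++)
        printf("%d  %s\n", su_accepts_passwd_line(samples[i]), samples[i]);
    return 0;
}
```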