From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mikhailnov@altlinux.org>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
 autolearn_force=no version=3.4.1
To: devel@lists.altlinux.org, sin@altlinux.org
References: <CAK42-GqieHA6dGkX2=koagSUTF+z=A2noiMkj5_h8kobxrAR+w@mail.gmail.com>
 <CAK42-GqjrO45hWpXxsq+91NhX+9AdxO9W0GHNSZ1751ujS5SSA@mail.gmail.com>
 <CAK42-GqS-c7YnntyL1Twxcpwq1t4gWwHSzHsNnWfha6Ok9Hx0A@mail.gmail.com>
From: Mikhail Novosyolov <mikhailnov@altlinux.org>
Message-ID: <6bc0e860-59d6-80e6-5f2e-aa376bbb053b@dumalogiyamail.ru>
Date: Thu, 28 Nov 2019 04:14:25 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.2.1
MIME-Version: 1.0
In-Reply-To: <CAK42-GqS-c7YnntyL1Twxcpwq1t4gWwHSzHsNnWfha6Ok9Hx0A@mail.gmail.com>
Content-Type: text/plain; charset=koi8-r; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: ru-RU
Subject: Re: [devel] =?utf-8?b?0J3QtdC70L7QutCw0LvRjNC90YvQuSDQstCw0YDQuNCw?=
 =?utf-8?b?0L3RgiDQvdCw0YHRgtGA0L7QtdC6IFBBTSAoc3lzdGVtLWF1dGgg0Lggc3lz?=
 =?utf-8?q?tem-policy=29?=
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2019 01:14:35 -0000
Archived-At: <http://lore.altlinux.org/devel/6bc0e860-59d6-80e6-5f2e-aa376bbb053b@dumalogiyamail.ru/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>

27.11.2019 22:16, Evgeny Sinelnikov пишет:
> <...>
>>> <...>
>>> Настройка system-policy расширяемая и включает в себя, по умолчанию,
>>> две политики - local и global.
>>>
>>> ~ # control system-policy help
>>> global: global session policy with mkhomedir
>>> local: local session policy
>>> ~ # control system-policy summary
>>> system session policy type
>>> ~ # control system-policy help
>>> global: global session policy with mkhomedir
>>> local: local session policy
>>> ~ # control system-policy
>>> local
>>>
>>> По сути, первая от второй отличается только одним - наличием модуля
>>> pam_mkhomedir.so
>>>
>>> ~ # cat /etc/pam.d/system-policy-local
>>> #%PAM-1.0
>>> session         required        pam_mktemp.so
>>> session         required        pam_limits.so
>>> ~ # cat /etc/pam.d/system-policy-global
>>> #%PAM-1.0
>>> session         required        pam_mktemp.so
>>> session         required        pam_mkhomedir.so silent
>>> session         required        pam_limits.so
>>>
>>> <...>
>>>
Хотелось бы поинтересоваться, рассматривали ли вы вопрос pam_mkhomedir 
vs pam_oddjob_mkhomedir?

Использовать dbus для создания домашней директории из-под pam кажется 
совсем перебором, но то, что это решает проблемы с контекстами selinux 
(https://access.redhat.com/discussions/903523#comment-766163), весьма 
разумно.