Auto-creation of user home directories in Linux

Many of my viewers are seeking to find some information on “oddjob”, so I thought I might give some details that should help clear the air.

All Linux distributions that I have ever tested are subject to this situation; however, please don’t see this as a problem. It is merely something that has not been configured yet, as it is entirely optional.

If you have ever created a local user on a Linux system, you will find that the home directory for the new user is automatically created for you. As a user or an admin of the system in question, no further work needs to be performed.

However, many people in production environments integrate their Linux servers into some form of Identity Management solution.

This could be Microsoft Active Directory, Red Hat Directory Server, FreeIPA, or one of many other forms of IDM.

When you add your Linux system to your Identity Manager (IDM), this simply sets up the system with the ability to conduct user lookups and authenticate any request that comes in against your chosen IDM.

But let’s say you are connected to your corporate IDM, and you have noticed that when a new user attempts to log into a Linux system, their home directory does not exist and is not created during the login process.

Chances are, the system has not yet been configured to auto-create the folder on log-in. If this is the case, follow the steps below to achieve this.

 

In the past, and even today, you can use the trusty “pam_mkhomedir.so” library. This method has been used for many years, however oddjob does supersede this method.

If you do wish to use this method, use it for RHEL5 and older systems.

Install the pam_mkhomedir.so package.

[root@server /]# yum install -y pam_mkhomedir.so

Then add the line below to the end of /etc/pam.d/system-auth:

session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022

This has been the method of choice for many, many years. However, with RHEL6 or newer systems, the recommended way to auto-create home directories is to use oddjobd.

Follow the below steps to use oddjob.

Install oddjob

[root@server /]# yum install -y oddjob-mkhomedir

Set oddjob to start on boot, and start the service

[root@server /]# chkconfig oddjobd on
[root@server /]# service oddjobd start
Starting oddjobd:                                          [  OK  ]
[root@server /]#

Now we need to update our authentication mechanism to tell oddjob to create our home directory automatically.

[root@server ~]# authconfig --enablemkhomedir --update
Starting Winbind services:                                 [  OK  ]
Starting oddjobd:                                          [  OK  ]
[root@server ~]#

That’s it. As simple as that.

Note: If you use SELinux in enforcing mode in your environments (and yes you should be if you just answered no to that question), you will need to stick with oddjob as there is currently an issue with pam_mkhomedir setting the incorrect SELinux contexts on home directories when they are created.
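To confirm which login services actually pick up home-directory creation after the steps above, the following added example (not part of the original post) scans a PAM directory for session lines naming pam_mkhomedir.so or pam_oddjob_mkhomedir.so. The function names are this example's own, the sample files are constructed, and it follows only one level of "include"/"substack".

```shell
#!/bin/sh
# Added example: audit which PAM service files create home directories at login.

# direct_module FILE: print the mkhomedir module named on a session line.
# Commented-out lines never match because their first field starts with "#".
direct_module() {
    awk '$1 ~ /^-?session$/ {
        for (i = 2; i <= NF; i++)
            if ($i ~ "(^|/)pam_(oddjob_)?mkhomedir[.]so$") {
                n = split($i, p, "/"); print p[n]; exit
            }
    }' "$1"
}

# session_includes FILE: print targets of "session include|substack X" lines.
session_includes() {
    awk '$1 ~ /^-?session$/ && ($2 == "include" || $2 == "substack") { print $3 }' "$1"
}

# check_mkhomedir [DIR]: one line per service file, "name: module",
# "name: module (via X)" for a one-level include, or "name: none".
check_mkhomedir() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        found=$(direct_module "$f")
        if [ -z "$found" ]; then
            found=none
            for inc in $(session_includes "$f"); do
                [ -f "$dir/$inc" ] || continue
                mod=$(direct_module "$dir/$inc")
                if [ -n "$mod" ]; then found="$mod (via $inc)"; break; fi
            done
        fi
        echo "$name: $found"
    done
}

# Constructed sample files (not taken from a real host) so the check runs offline.
demo() {
    d=$(mktemp -d)
    printf 'session optional pam_oddjob_mkhomedir.so\n' > "$d/password-auth"
    printf 'session include password-auth\n' > "$d/sshd"
    printf '#session required pam_mkhomedir.so\n' > "$d/crond"
    check_mkhomedir "$d"
    rm -rf "$d"
}
demo
```

On a real host, call check_mkhomedir with no argument to scan /etc/pam.d; any service reported as "none" will not create a home directory on first login.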

 

8 comments on “Auto-creation of user home directories in Linux”

  1. Craig May 16, 2013 09:48

    Hi There,

    So I’ve got this working and SSH logins will create a home directory just fine. However how do you configure oddjobd to create home directories when the login comes from another source that isn’t SSHD?

    cheers!

    • Dale Macartney May 29, 2013 22:06

      Hi Craig

      Apologies for the late reply.

      oddjobd gets loaded via a pam process. If you have installed oddjobd and updated your authconfig, it should create a new home directory for any successful login process. It is not specific to services.

      In the old method of using pam_mkhomedir.so, this could be configured on a per service level, however I have never seen that done with oddjobd.

      Dale

      • Alberto March 25, 2014 15:57

        Hello,

        Just for your information, you could add

        session optional pam_oddjob_mkhomedir.so

        to your password-auth-ac and system-auth-ac files inside the /etc/pam.d directory instead of running authconfig.

        Thanks for the post!

  2. Adam May 23, 2013 04:11

    Thanks for the post!

  3. matt August 21, 2013 15:20

    How can you change the default directory path created by oddjob from

    /home/user

    to
    /home/username-first-letter/user

    ?

    Thanks!

    • Dale Macartney August 23, 2013 21:27

      Hi Matt

      Can you clarify what you are trying to achieve? If I understand correctly, I’ll do some testing on the below example for you.

      E.g
      Full Name: John Doe
      Username: jdoe
      Home Dir Path: /home/doe/jdoe

      Is this a good understanding of your objective?

      Dale

  4. Thomas April 16, 2014 10:11

    Thanx.

    Tried this on a CentOS 6.5 install, a client computer hooked up to rhel/CentOS’s “Identity Management” that supposedly (since rhel 6.2) is the “modern/recommended” way of doing IDM.

    I noticed that when doing the authconfig --enablemkhomedir --update command, the service sssd was for some reason stopped (where your example above instead says “Starting Winbind services”) and that then stopped the IDM from working…

    Just start the sssd service again (and make sure with chkconfig that it’s started at boot etc) and stuff works just fine. See below:

    [root@terra ~]# chkconfig oddjobd on
    [root@terra ~]# chkconfig --list oddjobd
    oddjobd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    [root@terra ~]# service oddjobd start
    Starting oddjobd: [ OK ]
    [root@terra ~]# authconfig --enablemkhomedir --update
    Stopping sssd: [ OK ] <-- Here, this is no good!!
    Starting oddjobd: [ OK ]
    [root@terra ~]# chkconfig sssd on
    [root@terra ~]# chkconfig sssd --list
    sssd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    [root@terra ~]# service sssd start
    Starting sssd: [ OK ]
    [root@terra ~]# su - tester1
    Creating home directory for tester1.

    Ref 1 – Red Hat’s guide to Identity Management
    Ref 2 – Nice blog by Luc de Louw on How-to-IPA

  5. Nagaraj November 25, 2015 23:09

    Is it possible to have different home directories for different users?
