I am trying to create a test web server/ftp server within a college for students to learn html, php etc… I figured to do this properly I should also teach them a little ftp and other things to give a full picture.
I have the apache set up and if I add a user on the workstation they get a public_html directories that works and their pages appear no problem.
I want the students to be able to log in with their AD 2003 usernames and passwords (I don’t want to have to administer any more users/passwords). If I log in locally with the user not a problem, the students can make pages and they are hosted normally from the box.
The problem arises that the students don’t have their home directories created by default until they look onto the computer so when they ftp they get:
500 OOPS: Cannot change directory:/home/fred
If the student is logged into the machine normally or I su to the student then I get:
rockhopper:/etc/pam.d# su test.student
Creating directory '/home/RIC/test.student'.
Creating directory '/home/RIC/test.student/public_html'.
And then the ftp works fine.
I have tried adding the pam_mkhomedir to my /etc/pam.d/vsftp file but with no luck. File shown below [/etc/pam.d/vsftp]:
# Standard behaviour for ftpd(8).
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers
# Note: vsftpd handles anonymous logins on its own. Do not enable
# Standard blurb.
auth required pam_shells.so
#auth required pam_mkhomedir.so umask=022 skel=/etc/skel/
session required pam_mkhomedir.so umask=022 skel=/etc/skel
File shown below [/etc/pam.d/common-session]:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
File shown below [/etc/pam.d/su]:
# The PAM configuration file for the Shadow `su' service
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "root" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
# auth required pam_wheel.so
# Uncomment this if you want wheel members to be able to
# su without a password.
# auth sufficient pam_wheel.so trust
# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
# auth required pam_wheel.so deny group=nosu
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on su usage.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# This module parses /etc/environment (the standard for setting
# environ vars) and also allows you to use an extended config
# file /etc/security/pam_env.conf.
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
# Defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
# "nopen" stands to avoid reporting new mail when su'ing to another user
session optional pam_mail.so nopen
# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
# session required pam_limits.so
Is there a way I can run a script when a user logs in to ftp that makes their home directories or do I have to manually (or get a script to) make all the home directories before the lesson? I've been googling this one for hours