[Freeipa-users] IPA clashing with selinux on users home directories
Steven Jones
Steven.Jones at vuw.ac.nz
Thu Mar 8 21:27:36 UTC 2012
Hi,
I used ipa-client-install --mkhomedir
How do I change that so it will do so properly?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Stephen Gallagher [sgallagh at redhat.com]
Sent: Friday, 9 March 2012 9:43 a.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] IPA clashing with selinux on users home directories
On Thu, 2012-03-08 at 20:14 +0000, Steven Jones wrote:
> Hi,
>
> I am setting up some IPA users what I have noticed is if I or they type
> startx to start a gui locking the .Xauthority fails, if I setenforce 0
> then it works fine.....I have never seen this behaviour before and
> googling suggests its an IPA and selinux conflict.
>
> and in fact when I create a local user they get an instant gui from
> running startx...
>
I'm guessing you're creating your home directories with the help of
pam_mkhomedir.so. This won't work with SELinux. You need to install and
use pam_oddjob_mkhomedir.so instead, which will properly set up SELinux
contexts for your users.
More information about the Freeipa-users
mailing list