0
I have an OpenLDAP directory with different users and ideally I want to link up their network homes directories depending on their UNIX group, which are different to CentOS 7 default /home/$USER, upon their first login to a machine.
My first consideration has been doing this with a script on /etc/profile.d but I am unsure whether it would best to add the execution script to PAM's module login (/etc/pam.d/login) with the following line:
session optional pam_exe.so /bin/bash /path/to/script
What would the best practice for what I am trying to achieve. Does it make any difference?
Rubycon
Posted 2019-05-21T11:21:33.457
Reputation: 31
I have figured out that it is not possible using profile.d due to the fact that /home is owned by root and profile is executed by the user. I need to escalate privileges to create the symlink, therefore, I believe I need to create a PAM module to retrieve the user's data using the PAM C library and perform actions as root. – Rubycon – 2019-05-22T07:51:04.917