Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

User home directory permission issue

See original GitHub issue

I’m managing the users and groups via Google Cloud Identity. And on GCP I assigned roles to the user groups created on Google Admin Console so I don’t have to manually add new members on GCP IAM individually. The problem I’m having now is subdirectories for specific users are created as they log in via OS Login for the first time. But the home directory of each user is set to “drwxr-xr-x.”, which can be accessed by other users from other groups. I checked the UMASK is 077 in the /etc/login.defs, which should be good.

How should I control the access permission between user home directories to prevent users from messing up others’ home directories?

The hard to do part is the user’s home directory is only created the first time they login via OS Login.

Thanks!

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:7 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
yuanzhoucommented, Jul 27, 2019

Update

So I created a new project and installed the slurm cluster. I logged into the controller node and the login node using the admin account, added the “umask=0077” to the /etc/pam.d/sshd as you suggested. Then added new users to IAM and tested again. All new users’ home directories now have the correct permission on both controller node and the login node!

Capture

I don’t know why my old GCP project didn’t work, but the new project proofed the solution! Thank you so much for your help!

0reactions
yuanzhoucommented, Jul 27, 2019

In my use case, all the VM instances are created with CentOS 7 image from Google. And this is what I get after the change:

Capture

“joe_yuan_midasnetwork_us” is the new user logged after adding the umask change. We’ll have lots of users to use the cluster via OS Login. And the /home is mounted to NFS filestore instance.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Permission denial for my own folder (myName) inside home ...
First regain ownership of your home, but only the directory (not -R ), then show us the result of the ls -la to...
Read more >
User Home Permissions – Mike Galvin - Technical Consultant
Right-click on the User-Homes folder and select “Properties” · Click on the “Security” tab · Click on the “Advanced” button · Click on...
Read more >
User home folder permission issue? : r/Whonix - Reddit
Each time I try and run tor on Whonix i receive an error message reading “ERROR: User home folder permission issue?
Read more >
ldap home directory permission issue on debian/ubuntu
I have joined the debian9 machine to microsoft AD when i run su - test1 it create the home directory but with below...
Read more >
Repairing permissions in your Home folder has changed
To my surprise, many users have since reported that following this procedure fixed a wide range of problems for them. This hasn't been...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

rsyslog.d/90-google.conf directs logging to /dev/console, but rsyslog doesn't have perm to open

Next page

Different username with oslogin enabled - clarification needed