I'm working with users set up in LDAP, and their home directories are defined as '/home/$USER'. Unfortunately, I don't have permission to modify the LDAP entries. However, I want to avoid creating actual home directories for these users on my servers. Is there a way to dynamically set their home directories to '/tmp' without making changes to LDAP?
3 Answers
Using SSSD's 'override_homedir' to point to '/tmp' is likely your best bet for this scenario. Alternatively, you could consider configuring PAM to handle it differently if you need to. Just remember, '/tmp' could lead to complications down the road, so weigh your options carefully!
Thanks for the input!
Since you can't directly modify LDAP, you might want to look into using SSSD. It has a feature that allows you to override the home directory setting that LDAP provides. Specifically, you can utilize 'override_homedir' to set it to '/tmp'. This is commonly done and should work for your situation! Check out the SSSD documentation for more details.
Thanks for the tip! That's exactly what I was looking for!
Just a word of caution: using '/tmp' or any subdirectories under it for users' home directories can lead to various issues. If you're set on not creating home directories at all, consider using a non-existent path in LDAP or a secure directory that no one can access. Changing the HOME environment variable after login can be inconsistent, so be careful with that approach.
I appreciate the warning—I'll keep that in mind!

Got it, I'll think about the potential issues.
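An added example, not part of any answer above: a small Python check that reads an sssd.conf and flags `override_homedir` / `fallback_homedir` values that land in a world-writable directory such as '/tmp', the situation the last answer cautions about. The sample config, its domain names, the `audit_homedirs` function and the list of world-writable directories are assumptions made for illustration.

```python
import configparser
import posixpath

# Assumption: directories that are world-writable on a typical Linux host.
WORLD_WRITABLE = ("/tmp", "/var/tmp", "/dev/shm")
# Template tokens from sssd.conf(5) that expand to a per-user value.
PER_USER_TOKENS = ("%u", "%U", "%f", "%P", "%o")
HOMEDIR_KEYS = ("override_homedir", "fallback_homedir")

# Constructed sample config fragment; the domain names are made up.
SAMPLE_CONF = """
[nss]
fallback_homedir = /var/tmp/%u

[domain/corp]
override_homedir = /tmp

[domain/lab]
override_homedir = /srv/nohome/%u
"""

def audit_homedirs(conf_text):
    """Return (section, key, template, problem) for risky homedir templates."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        if section != "nss" and not section.startswith("domain/"):
            continue
        for key in HOMEDIR_KEYS:
            template = parser.get(section, key, fallback=None)
            if template is None:
                continue
            # Expand with a placeholder user so the path can be normalised.
            path = posixpath.normpath(template.replace("%u", "someuser"))
            under = [d for d in WORLD_WRITABLE
                     if path == d or path.startswith(d + "/")]
            if not under:
                continue
            per_user = any(tok in template for tok in PER_USER_TOKENS)
            problem = ("per-user path inside world-writable dir" if per_user
                       else "one HOME shared by every user")
            findings.append((section, key, template, problem))
    return findings

if __name__ == "__main__":
    for finding in audit_homedirs(SAMPLE_CONF):
        print(*finding, sep=" | ")
```

To audit a real host, pass the contents of its sssd.conf (and any conf.d snippets) to `audit_homedirs` instead of `SAMPLE_CONF`.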