I'm dealing with a situation where all my users are set up in LDAP with a home directory attribute pointing to /home/$USER. Unfortunately, I'm unable to make any changes to the LDAP settings. However, on my servers, I don't want to create actual home directories for these users. Instead, I'm looking for a way to dynamically change their home directory to /tmp without modifying the LDAP data. Any suggestions on how to achieve this?
3 Answers
Using SSSD with the override_homedir directive set to /tmp is probably your best bet. Alternatively, you could explore using PAM exec to achieve this as well.
Just keep in mind that setting /tmp as a home will likely break many features for users, since they can write in /tmp.
Generally, using /tmp or similar directories for user home directories isn't a great idea. If you absolutely want to avoid creating home directories, consider setting a HOME directory in LDAP that either doesn’t exist or is locked down securely (like root:root 755 with nothing in it). Also, modifying the HOME environment variable after login can lead to inconsistent results depending on how you check it, so tread carefully. Can you share what your end goal is with this setup?
I just want to avoid cluttering the server with unnecessary user directories, but I need something that works!
You haven't provided much info aside from not being able to modify LDAP, so any answers will be based on assumptions. That said, you can achieve this using SSSD. It has an option called override_homedir, which allows you to override the home directory supplied by LDAP. Check out the man page for more details.
Thanks! That's exactly what I was looking for.
Thanks for the suggestion!