diff --git a/lam/HISTORY b/lam/HISTORY index e162c3e10..c38a5cc71 100644 --- a/lam/HISTORY +++ b/lam/HISTORY @@ -1,4 +1,5 @@ September 2025 9.3 + - Lamdaemon: run /usr/sbin/userdel.local before (and no longer after) home directory is deleted (443) - LAM Pro: -> SMS support for password sending and password self-reset (441) diff --git a/lam/docs/manual-sources/appendix-lamdaemon.xml b/lam/docs/manual-sources/appendix-lamdaemon.xml index f2f300a83..7c94aca51 100644 --- a/lam/docs/manual-sources/appendix-lamdaemon.xml +++ b/lam/docs/manual-sources/appendix-lamdaemon.xml @@ -1,205 +1,204 @@ - - Setup for home directory and quota management + + Setup lamdaemon for home directory and quota management - Lamdaemon.pl is used to modify quota and home directories on a - remote or local host via SSH (even if homedirs are located on - localhost). + Lamdaemon.pl is used to modify quota and home directories on a remote + or local host via SSH (even if homedirs are located on localhost). - If you want wo use it you have to set up the following things to get - it to work: + If you want to use it you have to set up the following things to get + it to work: -
- Installation + Installation - First of all, you need to install lamdaemon.pl on your remote - server where LAM should manage homedirs and/or quota. This is usually a - different server than the one where LAM is installed. But there is no - problem if it is the same. + First of all, you need to install lamdaemon.pl on your remote server + where LAM should manage homedirs and/or quota. This is usually a different + server than the one where LAM is installed. But there is no problem if it is + the same. - - - - - - - + + + + + + + - + - Debian based (e.g. also - Ubuntu) + + + Debian based (e.g. also Ubuntu): Please install the lamdaemon DEB + package on your quota/homedir server. + - Please install the lamdaemon DEB package on your quota/homedir - server. + + RPM based (Fedora, CentOS, Suse, ...): Please install the + lamdaemon RPM package on your quota/homedir server. + - RPM based (Fedora, CentOS, Suse, - ...) - - Please install the lamdaemon RPM package on your quota/homedir - server. - - Other - - Please copy lib/lamdaemon.pl from the LAM tar.bz2 package to your - quota/homedir server. The location may be anywhere (e.g. use + + Other: Please copy lib/lamdaemon.pl from the LAM tar.bz2 package + to your quota/homedir server. The location may be anywhere (e.g. use /opt/lamdaemon). Please make the lamdaemon.pl script executable. -
+ + -
- LDAP Account Manager configuration + LAM server profile + configuration - - - Set the remote or local host in the configuration (e.g. - 127.0.0.1) - + + + Set the remote or local host in the configuration (e.g. + 127.0.0.1) + - - Path to lamdaemon.pl, e.g. - /srv/www/htdocs/lam/lib/lamdaemon.pl If you installed a DEB or - RPM package then the script will be located at - /usr/share/ldap-account-manager/lib/lamdaemon.pl. - + + Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl If + you installed a DEB or RPM package then the script will be located at + /usr/share/ldap-account-manager/lib/lamdaemon.pl. + - - Your LAM admin user must be a valid Unix account. It needs to - have the object class "posixAccount" and an attribute "uid". This - account must be accepted by the SSH daemon of your home directory - server. Do not create a second local account but change your system - to accept LDAP users. You can use LAM to add the Unix account part - to your admin user or create a new account. Please do not forget to - setup LDAP write access (ACLs) - if you create a new account. - - + + Your LAM admin user must be a valid Unix + account. It needs to have the object class "posixAccount" and an + attribute "uid". This account must be accepted by the SSH daemon of your + home directory server. Do not create a second local account but change + your system to accept LDAP users. You can use LAM to add the Unix + account part to your admin user or create a new account. Please do not + forget to setup LDAP write access (ACLs) + if you create a new account. + + - + - - - - - - - + + + + + + + - Note that the builtin admin/manager entries do not work for - lamdaemon. You need to login with a Unix account. + Note that the builtin admin/manager entries do not work for lamdaemon. + You need to login with a Unix account. 
- - - - - - - + + + + + + + - OpenLDAP ACL location: + OpenLDAP ACL location - The access rights for OpenLDAP are configured in - /etc/ldap/slapd.conf or - /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif. -
+ The access rights for OpenLDAP are configured in /etc/ldap/slapd.conf + or /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif. -
- Setup sudo + Setup sudo - The perl script has to run as root. Therefore we need a wrapper, - sudo. Edit /etc/sudoers on host where homedirs or quotas should be used - and add the following line: + The perl script has to run as root. Therefore we need a wrapper, sudo. + Edit /etc/sudoers on host where homedirs or quotas should be used and add + the following line: - $admin All= NOPASSWD: $path_to_lamdaemon * + $admin All= NOPASSWD: $path_to_lamdaemon * - $admin is the admin user from - LAM (must be a valid Unix account) and - $path_to_lamdaemon is the path to - lamdaemon.pl. + $admin is the admin user from LAM + (must be a valid Unix account) and $path_to_lamdaemon + is the path to lamdaemon.pl. - Example: + Example: - myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl - * + myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl * - You might need to run the sudo command once manually to init sudo. - The command "sudo -l" will show all possible sudo commands of the - current user. + You might need to run the sudo command once manually to init sudo. The + command "sudo -l" will show all possible sudo commands of the current + user. - Attention: Please do not use the - options "Defaults requiretty" and "Defaults env_reset" in /etc/sudoers. - Otherwise you might get errors like "you must have a tty to run sudo" or - "no tty present and no askpass program specified". -
+ Attention: Please do not use the + options "Defaults requiretty" and "Defaults env_reset" in /etc/sudoers. + Otherwise you might get errors like "you must have a tty to run sudo" or "no + tty present and no askpass program specified". -
- Setup Perl + Setup Perl - We need an extra Perl module - Quota. To install it, run: + We need an extra Perl module - Quota. To install it, run: + + + perl -MCPAN -e shell + + install Quota + + + If your Perl executable is not located in /usr/bin/perl you will have + to edit the path in the first line of lamdaemon.pl. If you have problems + compiling the Perl modules try installing a newer release of your GCC + compiler and the "make" application. + + Several Linux distributions already include a quota package for + Perl. + + Set up SSH + + Your SSH daemon must offer the password authentication method. To + activate it just use this configuration option in + /etc/ssh/sshd_config: + + PasswordAuthentication yes + + Calling of external scripts + + The following extra scripts are called if they exist: + + + + Create home directory: /usr/sbin/useradd.local <USER NAME> + (after directory was created) + + + + Delete home directory: /usr/sbin/userdel.local <USER NAME> + (before directory is removed) + + + + Troubleshooting + + If you have problems managing quotas and home directories then these + points might help: + + + + There is a test page for lamdaemon: Login to LAM and open Tools + -> Tests -> Lamdaemon test + + + + Check /var/log/auth.log or its equivalent on your system. This + file contains messages about all logins. If the ssh login failed then + you will find a description about the reason here. + + + + Set sshd in debug mode. In /etc/ssh/sshd_conf add these + lines: - perl -MCPAN -e shell + SyslogFacility AUTH - install Quota + LogLevel DEBUG3 - If your Perl executable is not located in /usr/bin/perl you will - have to edit the path in the first line of lamdaemon.pl. If you have - problems compiling the Perl modules try installing a newer release of - your GCC compiler and the "make" application. + Now check /var/log/syslog for messages from sshd. + + - Several Linux distributions already include a quota package for - Perl. -
- -
- Set up SSH - - Your SSH daemon must offer the password authentication method. To - activate it just use this configuration option in - /etc/ssh/sshd_config: - - PasswordAuthentication yes -
- -
- Troubleshooting - - If you have problems managing quotas and home directories then - these points might help: - - - - There is a test page for lamdaemon: Login to LAM and open - Tools -> Tests -> Lamdaemon test - - - - Check /var/log/auth.log or its equivalent on your system. This - file contains messages about all logins. If the ssh login failed - then you will find a description about the reason here. - - - - Set sshd in debug mode. In /etc/ssh/sshd_conf add these - lines: - - - SyslogFacility AUTH - - LogLevel DEBUG3 - - - Now check /var/log/syslog for messages from sshd. - - - - Error message "Your LAM admin user (...) - must be a valid Unix account to work with lamdaemon!": This - happens if you use the default LDAP admin/manager user to login to LAM. - Please see here and setup a Unix - account. -
-
+ Error message "Your LAM admin user (...) must be + a valid Unix account to work with lamdaemon!": This happens if + you use the default LDAP admin/manager user to login to LAM. Please see + here and setup a Unix account. +
diff --git a/lam/lib/lamdaemon.pl b/lam/lib/lamdaemon.pl index 63683b115..98388ef79 100755 --- a/lam/lib/lamdaemon.pl +++ b/lam/lib/lamdaemon.pl @@ -264,10 +264,10 @@ sub removeHomedir { ($<, $>) = ($>, $<); # Get root privileges if (-d $vals[3] && $vals[3] ne '/') { if ((stat($vals[3]))[4] eq $vals[4]) { - system 'rm', '-Rf', $vals[3]; # delete home directory if (-e '/usr/sbin/userdel.local') { system '/usr/sbin/userdel.local', $vals[0]; } + system 'rm', '-Rf', $vals[3]; # delete home directory $return = "Ok"; logMessage(LOG_INFO, "Home directory removed (" . $vals[3] . ")"); }
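Review bot: The new "Calling of external scripts" section in lam/docs/manual-sources/appendix-lamdaemon.xml names /usr/sbin/useradd.local and /usr/sbin/userdel.local but does not state the privileges they run with or what happens when they fail. The same page says lamdaemon.pl has to run as root through sudo, and the lamdaemon.pl change in this patch calls userdel.local after switching to root privileges without evaluating its result. Please document that, along with a recommendation to keep both files root-owned and not writable by other users. Since the sudoers paragraph is re-wrapped anyway, the template line `$admin All= NOPASSWD: $path_to_lamdaemon *` could be corrected to `ALL=` to match the example beneath it, and the troubleshooting item still refers to /etc/ssh/sshd_conf where the SSH section uses /etc/ssh/sshd_config.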
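Review bot: In removeHomedir (lam/lib/lamdaemon.pl), the result of `system '/usr/sbin/userdel.local', $vals[0];` is discarded, so with the new ordering `system 'rm', '-Rf', $vals[3];` still runs and `$return = "Ok"` is still set when the hook fails. If the hook is moved ahead of the delete so that it can still reach the home directory, a non-zero exit should at least be reported through logMessage, and it is worth deciding whether the delete should be skipped in that case. The hook runs after the `($<, $>) = ($>, $<); # Get root privileges` swap and is gated only by `-e`; testing `-x` as well would avoid a silent failure on a non-executable file. The result of the `rm` call is not checked before "Home directory removed" is logged either, which could be tightened in the same change.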