Feature #15203
Option to allow customized user home directory permissions to be preserved
open
0%
Description
It is well intentioned and improves system security in general, that proper home directory ownerships are maintained.
Thus, the resetting of directory ownerships upon reboot is a fundamentally good idea, HOWEVER...
...if a user is created with privilege "User - System: Copy files to home directory (chrooted scp)", then for /usr/local/bin/scponly to work properly the chrooted home directory of such a user MUST be owned by root, and NOT the user!
The result is that with each reboot, the ability to sftp/scp with that user's credential stops working.
As a workaround, one can of course create a crontab entry that executes @reboot and executes the following command:
/bin/sleep 300 && /bin/test -d /home/acme && /bin/test ! -O /home/acme && /usr/sbin/chown root /home/acme
but that's really not how it should work, having to work against the system...
The full background of this and related issues can be found here:
Updated by Jim Pingle 9 months ago
- Tracker changed from Bug to Feature
- Subject changed from pfSense resets user home directory ownerships upon reboot even when it shouldn't to Option to allow customized user home directory permissions to be preserved
- Category changed from Administrivia to User Manager / Privileges
- Priority changed from Normal to Low
The way the users are currently synchronized, this type of action is made to ensure consistency and that the accounts work properly.
There could maybe be a global and/or per-user option to change this behavior but the current method is the safest.
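
The @reboot workaround from the description, written as an audit that reports and logs ownership drift on chrooted scponly homes before repairing it. This is an added example, not part of the original issue or pfSense's own code; the function names, the WANT_UID variable and the chroot-audit log tag are hypothetical, and /home/acme is the sample path from the report.

```shell
#!/bin/sh
# Added example (hypothetical helper, not pfSense code).
# WANT_UID is the required owner uid; 0 (root) is what the report says scponly needs.

# Numeric owner uid of a path; `ls -ldn` works on both BSD and GNU userlands.
owner_uid() {
    ls -ldn -- "$1" 2>/dev/null | awk 'NR == 1 { print $3 }'
}

# check_chroot_home DIR -> 0 owner as required, 1 owner drifted, 2 not auditable
check_chroot_home() {
    if [ -L "$1" ] || [ ! -d "$1" ]; then
        return 2                      # missing, not a directory, or a symlink
    fi
    if [ "$(owner_uid "$1")" = "${WANT_UID:-0}" ]; then
        return 0
    fi
    return 1
}

# audit_chroot_homes [-f] DIR...  -> 0 only if no directory has drifted.
# With -f, drifted directories are chowned back and the repair is logged.
audit_chroot_homes() {
    fix=0
    if [ "$1" = "-f" ]; then fix=1; shift; fi
    drift=0
    for d in "$@"; do
        rc=0
        check_chroot_home "$d" || rc=$?
        case $rc in
            0) echo "ok     $d" ;;
            2) echo "skip   $d (missing, not a directory, or a symlink)" ;;
            *) drift=$((drift + 1))
               echo "DRIFT  $d owner uid=$(owner_uid "$d") expected ${WANT_UID:-0}"
               if [ "$fix" -eq 1 ]; then
                   chown -h "${WANT_UID:-0}" "$d" &&
                       logger -t chroot-audit "owner of $d reset to uid ${WANT_UID:-0}"
               fi ;;
        esac
    done
    [ "$drift" -eq 0 ]
}

# Typical use from the @reboot entry: audit_chroot_homes -f /home/acme
```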