Ssh – Pam is unable to make users home directory

authenticationgitlabssh

I have an ubuntu 12.04 LTS server that is tied to Active Directory. This is a git server running gitlab. Rather than using gitolite it uses the gitlab shell

In the logs I notice that every time the 'git' user authenticates, I get the same 11 errors in the /var/log/auth.log

May 14 15:06:10 gitlab sshd[14775]: pam_unix(sshd:session): session opened for user git by (uid=0)
May 14 15:06:10 gitlab sshd[14775]: pam_mkhomedir(sshd:session): unknown option: skel
May 14 15:06:10 gitlab sshd[14775]: pam_mkhomedir(sshd:session): unknown option: =
May 14 15:06:10 gitlab sshd[14775]: pam_mkhomedir(sshd:session): unknown option: /etc/skel/
May 14 15:06:10 gitlab sshd[14775]: pam_mkhomedir(sshd:session): unknown option: mask=0077
May 14 15:06:10 gitlab sshd[14775]: pam_mkhomedir(sshd:session): unknown option: skel
May 14 15:06:10 gitlab sshd[14775]: pam_mkhomedir(sshd:session): unknown option: =
May 14 15:06:10 gitlab sshd[14775]: pam_mkhomedir(sshd:session): unknown option: /etc/skel/
May 14 15:06:10 gitlab sshd[14775]: pam_mkhomedir(sshd:session): unknown option: mask=0077
May 14 15:06:10 gitlab sshd[14775]: pam_mkhomedir(sshd:session): unknown option: skel
May 14 15:06:10 gitlab sshd[14775]: pam_mkhomedir(sshd:session): unknown option: =
May 14 15:06:10 gitlab sshd[14775]: pam_mkhomedir(sshd:session): unknown option: /etc/skel/

The 'git' user already has a home directory.

I'm at a bit of a loss on this one. None of the top hits on google shed any light on the problem. Does anyone have any ideas?

Update

I'm pretty new to pam, here are what I think are relevant config files

ls /etc/pam.d
atd   chpasswd  common-account  common-password  common-session-noninteractive  login     other   polkit-1  samba  su
chfn  chsh      common-auth     common-session   cron                           newusers  passwd  ppp       sshd   sudo

cat /etc/pam.d/common-session | grep -v '#'
session [default=1]         pam_permit.so
session requisite           pam_deny.so
session required            pam_permit.so
session optional            pam_umask.so
session required    pam_unix.so
session optional                    pam_sss.so
session optional pam_mkhomedir.so skel = /etc/skel/ mask=0077
session optional pam_mkhomedir.so skel = /etc/skel/ mask=0077
session optional pam_mkhomedir.so skel = /etc/skel/ mask=0077
session optional            pam_ck_connector.so nox11


cat /etc/pam.d/sshd | grep -v '#'
@include common-auth
account    required     pam_nologin.so
@include common-account
@include common-session
session    required     pam_limits.so
session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
@include common-password

Best Answer

In the pam_mkhomedir lines in /etc/pam.d/common-session, try skel=/etc/skel umask=0077 (ie, remove the spaces around the = sign after skel, and add a u before mask).

Related Topic