pam-mkhomedir does not honor private home directories

Bug #1957024 reported by Alex Murray
This bug affects 2 people
Affects: pam (Ubuntu) | Status: Confirmed | Importance: Undecided | Assigned to: Unassigned | Milestone: (none)

Bug Description

As reported in https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533/13:

A common situation is to have a central set of users (e.g. in LDAP) and use pam_mkhomedir.so to create the home directory when the user first logs in.

These changes do not cover this situation. The default configuration of pam_mkhomedir.so will result in a home directory created with 0755 permissions.

To make pam_mkhomedir.so create a home directory by default with permissions consistent with the other tools, a umask argument can be added to the pam_mkhomedir.so module in the file /usr/share/pam-configs/mkhomedir. I believe this would have to be done before enabling the module. The file is part of the libpam-modules package.

Tags: patch
Revision history for this message
Andrew Lowther (alowther) wrote :

Here is a demonstration as requested in Discourse. These steps were run on a stock image of Ubuntu Impish taken from https://cloud-images.ubuntu.com/impish/current/.

Showing the inconsistent behavior of the default settings if the goal is private home directories. Both adduser and useradd create a home directory that is private but pam_mkhomedir.so does not.

# enable pam_mkhomedir.so configuration
pam-auth-update --enable mkhomedir
# create a user with adduser that creates the home directory
adduser --disabled-password --gecos adduser homemadebyadduser
# create a user with useradd that creates the home directory
useradd --create-home homemadebyuseradd
# create a user with useradd that does *not* create the home directory so that pam_mkhomedir.so can create it
useradd --no-create-home homemadebymkhomedir
# trigger pam_mkhomedir.so to create the home directory
su - homemadebymkhomedir -c exit

The result is inconsistent permissions on the home directories.
root@ubuntu:~# ls -al /home
total 24
drwxr-xr-x 6 root root 4096 Jan 11 03:27 .
drwxr-xr-x 19 root root 4096 Jan 11 03:13 ..
drwxr-x--- 2 homemadebyadduser homemadebyadduser 4096 Jan 11 03:20 homemadebyadduser
drwxr-xr-x 2 homemadebymkhomedir homemadebymkhomedir 4096 Jan 11 03:27 homemadebymkhomedir
drwxr-x--- 2 homemadebyuseradd homemadebyuseradd 4096 Jan 11 03:23 homemadebyuseradd
drwxr-x--- 4 ubuntu ubuntu 4096 Jan 11 03:15 ubuntu

Configuring pam_mkhomedir.so to be consistent with the other tools.

# update pam_mkhomedir.so configuration
sed -i -e "s/pam_mkhomedir.so$/pam_mkhomedir.so umask=0027/" /usr/share/pam-configs/mkhomedir
# enable mkhomedir again
pam-auth-update --enable mkhomedir
# create a user with useradd that does *not* create the home directory so that pam_mkhomedir.so can create it
useradd --no-create-home homemadebymkhomedirpatch
# trigger pam_mkhomedir.so to create the home directory
su - homemadebymkhomedirpatch -c exit

The result is that the permissions are consistent with the other tools.
root@ubuntu:~# ls -l /home/
total 20
drwxr-x--- 2 homemadebyadduser homemadebyadduser 4096 Jan 11 03:20 homemadebyadduser
drwxr-xr-x 2 homemadebymkhomedir homemadebymkhomedir 4096 Jan 11 03:27 homemadebymkhomedir
drwxr-x--- 2 homemadebymkhomedirpatch homemadebymkhomedirpatch 4096 Jan 11 03:36 homemadebymkhomedirpatch
drwxr-x--- 2 homemadebyuseradd homemadebyuseradd 4096 Jan 11 03:23 homemadebyuseradd
drwxr-x--- 4 ubuntu ubuntu 4096 Jan 11 03:15 ubuntu

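The description and the demonstration above both come down to one arithmetic fact (pam_mkhomedir applies 0777 & ~umask to the new directory, so the default 0022 yields 0755 and umask=0027 yields 0750) plus two checks an administrator would want to run: does the active PAM session stack carry a pam_mkhomedir.so line without umask=, and which existing home directories are already readable by other users. The script below is an added example written for this page, not code from the bug report, from Ubuntu or from Linux-PAM. Paths under /etc/pam.d and the sample file contents are constructed stand-ins so it runs offline; point the functions at the real /etc/pam.d/common-session and /home to audit a system.

```shell
#!/bin/bash
# Added example (not from the bug report, Ubuntu or Linux-PAM): audit helpers
# for the pam_mkhomedir umask problem. All inputs below are constructed inline.
set -eu

# Mode pam_mkhomedir leaves on a new home directory for a given umask:
# the helper creates the directory and applies 0777 & ~umask,
# the same arithmetic mkdir performs under that umask.
home_mode_for_umask() {
    printf '%04o\n' $(( 0777 & ~$1 ))
}

# Exit 0 if a PAM config file has an active (uncommented) pam_mkhomedir.so
# line with no umask= argument, meaning the default 0022 applies and new
# homes come out 0755; exit 1 otherwise.
mkhomedir_needs_umask() {
    grep -E '^[^#]*pam_mkhomedir\.so' "$1" | grep -vq 'umask='
}

# Print the names of top-level directories under $1 that grant any
# permission to "other", i.e. looser than the 0750 adduser/useradd now use.
world_accessible_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -o+r -o -perm -o+w -o -perm -o+x \) |
        sed 's|.*/||' | sort
}

demo() {
    t=$(mktemp -d)
    # Constructed stand-ins for /home: adduser/useradd create 0750 homes,
    # a default pam_mkhomedir (umask 0022) creates 0755.
    mkdir -p "$t/home"
    mkdir -m 0750 "$t/home/homemadebyadduser"
    mkdir -m 0750 "$t/home/homemadebyuseradd"
    mkdir -m 0755 "$t/home/homemadebymkhomedir"

    # Constructed (hypothetical) one-line stand-ins for the mkhomedir entry
    # in /etc/pam.d/common-session before and after adding umask=0027.
    printf 'session\toptional\tpam_mkhomedir.so\n'            > "$t/session-default"
    printf 'session\toptional\tpam_mkhomedir.so umask=0027\n' > "$t/session-fixed"

    for u in 0022 0027 0077; do
        echo "umask $u gives home directory mode $(home_mode_for_umask "$u")"
    done
    for f in "$t/session-default" "$t/session-fixed"; do
        if mkhomedir_needs_umask "$f"; then
            echo "$(basename "$f"): pam_mkhomedir.so has no umask=, new homes will be 0755"
        else
            echo "$(basename "$f"): ok"
        fi
    done
    echo "home directories accessible to other users:"
    world_accessible_homes "$t/home"
    rm -rf "$t"
}

demo
```

The config check deliberately ignores commented-out lines and matches the module name rather than a fixed control field, since the stock Ubuntu profile may use a different control value than the constructed sample. Note that fixing the profile only affects home directories created after the change; the third function is what finds the ones created earlier that still need a chmod 0750.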
Revision history for this message
Andrew Lowther (alowther) wrote :

I created a patch that changes the behavior of the default mkhomedir configuration to follow the "private home directories" proposal. The permissions on home directories created by pam_mkhomedir.so will be consistent with the permissions on home directories created by `adduser` and `useradd`.

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "private_homedir.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pam (Ubuntu):
status: New → Confirmed
