System Administration

Create home directory on first login

Creating home directories for new users can be a difficult task and especially in an LDAP-based environment, but most PAM installations have the option to create a new home directory before the user login is completed. Debian also ships the module mpam_mkhomedir, but without a manifest to set it up correctly. Bug 640918 covers this issue, but for now, creating the file /usr/share/pam-configs/mkhomedir with the content below resolves the problem.

Name: Create home directory on first login
Default: no
Priority: 0
Session-Type: Additional
 required umask=0027

After creating the file, the command below updates the PAM-config to create the home directory when a user’s home directory doesn’t exist. In the example configuration above the default umask is 0027 so only the user and group will have access to the home directory.

$ sudo pam-auth-update --package mkhomedir

By default, the configuration in /etc/skel is being used to create a new home directory. This is a point of attention when the user needs files and/or directories when the user logs in and an example of this may be a Maildir for receiving mail.