Create home directories at login

In some situations it is important that home directories are created at login if they don't exist. Such scenarios include NIS or AD authentication, or when a local user is created without the -m option.


Fortunately PAM (Pluggable Authentication Modules) comes with a handy module to achieve this: pam_mkhomedir.

To use it, add the following line to the relevant PAM configuration files, depending on which login paths need it.

session    required     pam_mkhomedir.so  skel=/etc/skel/ umask=0022

The new home directory will be populated with all files and folders in /etc/skel.
The default SKEL location can be changed in /etc/default/useradd:

SKEL=/etc/skel

To create home directories at local login (for instance on the console or a graphical desktop), modify this file:

/etc/pam.d/login

#%PAM-1.0

auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login
account    include      system-local-login
session    required     pam_mkhomedir.so  skel=/etc/skel/ umask=0022
session    include      system-local-login


To create home directories when logging in over SSH, modify this file:

/etc/pam.d/sshd

#%PAM-1.0
#auth     required  pam_securetty.so     #disable remote root
auth      include   system-remote-login
account   include   system-remote-login
password  include   system-remote-login
session   required  pam_mkhomedir.so skel=/etc/skel/ umask=0022
session   include   system-remote-login

To create directories when using 'su' to switch users, modify:

/etc/pam.d/su

#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            required        pam_unix.so
account         required        pam_unix.so
session         required        pam_mkhomedir.so skel=/etc/skel/ umask=0022
session         required        pam_unix.so

An example:

login as: nisuser
nisuser@172.21.11.118's password:
Creating directory '/home/nisuser'.
Last login: Wed Dec  2 09:15:19 2015 from 172.21.12.183
[nisuser@archlinux2 ~]$


NOTE: It is important to add the pam_mkhomedir.so module as the first session line. If you had this ordering instead, for example:

session         required        pam_unix.so
session    required     pam_mkhomedir.so  skel=/etc/skel/ umask=0022

Then the module pam_mkhomedir would not be called.
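
One way to check the ordering rule from the NOTE above across PAM files. This is an added example, not part of the original page; the function names and the two sample files are constructed for illustration. It also reports the home directory mode that follows from the umask= option.

```python
import re

# Constructed samples modelled on the page's /etc/pam.d/su listing.
GOOD_SU = """\
#%PAM-1.0
auth            required        pam_unix.so
account         required        pam_unix.so
session         required        pam_mkhomedir.so skel=/etc/skel/ umask=0022
session         required        pam_unix.so
"""
# The ordering the NOTE warns about: pam_unix.so ahead of pam_mkhomedir.so.
BAD_SU = """\
#%PAM-1.0
auth            required        pam_unix.so
account         required        pam_unix.so
session         required        pam_unix.so
session         required        pam_mkhomedir.so skel=/etc/skel/ umask=0022
"""

# type, control (plain word or [bracketed list]), module or included file, args
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def session_rules(text):
    """Return (line number, module, args) for each active session rule."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = RULE.match(raw.split("#", 1)[0].strip())  # comments dropped first
        if m and m.group(1) == "session":
            rules.append((lineno, m.group(3), m.group(4).split()))
    return rules

def audit(text):
    """Report whether pam_mkhomedir.so is the first session rule in one file.

    'include' lines are not followed, so rules pulled in from other files
    are not inspected.
    """
    rules = session_rules(text)
    hits = [i for i, r in enumerate(rules) if r[1].endswith("pam_mkhomedir.so")]
    if not hits:
        return {"present": False, "first": False, "line": None, "home_mode": None}
    lineno, _, args = rules[hits[0]]
    opts = dict(a.split("=", 1) for a in args if "=" in a)
    # Linux-PAM derives the new directory's mode as 0777 & ~umask.
    mode = format(0o777 & ~int(opts["umask"], 8), "04o") if "umask" in opts else None
    return {"present": True, "first": hits[0] == 0, "line": lineno, "home_mode": mode}

if __name__ == "__main__":
    for name, text in (("good", GOOD_SU), ("bad", BAD_SU)):
        print(name, audit(text))
```

To audit a live system, pass the contents of /etc/pam.d/login, /etc/pam.d/sshd and /etc/pam.d/su to audit() in turn. With umask=0022 the reported mode is 0755, so new home directories are readable by other local users.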