Pluggable Authentication Modules are used in many Linux distributions for authentication tasks. Here are some useful modules and instructions for setting them up under Debian.
This module improves privacy by setting user private user directories
TMPDIR to point to this.
apt-get install libpam-tmpdir
is all that’s needed.
Note that a more sophisticated solution is to use
which results in each login user appearing to have their own separate
but this has a number of potential side-effects
which although manageable add to the complexity of setup.
pam_namespace does not rely on applications honouring
This module provides a unified way of setting umask for users on login.
apt-get install libpam-umask
for 750 directories, 640 files.
Allows for ssh agent unlocking on login, without the need to run
apt-get install libpam-ssh
This will mount filesystems on logging in and unmount them on logging out.
apt-get install libpam-mount cifs-utils
Enable per-user setup in
<luserconf name=".pam_mount.conf.xml" />
and allow gid option:
<!-- Note that commenting out mntoptions will give you the defaults. You will need to explicitly initialise it with the empty string to reset the defaults to nothing. --> <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,gid" />
<pam_mount> <volume fstype="cifs" server="helix" path="Admin" mountpoint="/home/%(USER)/mnt/Admin" options="nosuid,nodev,gid=admin" /> <volume fstype="cifs" server="helix" path="Data" mountpoint="/home/%(USER)/mnt/Data" options="nosuid,nodev,gid=devel" /> <volume fstype="cifs" server="helix" path="%(USER)" mountpoint="/home/%(USER)/mnt/%(USER)" options="nosuid,nodev" /> </pam_mount>
Create your mount point
~/mnt, and on next login your mounts should appear.