"pun_pre_hook_root_cmd" execution error

Hello!
I’m using OOD 3.1.1 and trying to configure the creation of a home directory when a user logs in.
For this purposes I use a parameter in ood_portal.yml
pun_pre_hook_root_cmd: ‘/pun_pre_hook’
The “pun_pre_hook” script is very simple

#!/bin/bash
## script accepts a string "--user USERNAME" from OOD
## so USERNAME is the second parameter - $2

# check if user's home directory exist, if not create it
if [ ! -d /home/$2 ]; then
 mkdir /home/$2
 chown -R $2:$2 /home/$2
fi

But when a user without a home directory logs in, every time an error occurs “Permission denied @ dir_s_mkdir - /home/test”
I don’t understand why this is happening. The documentation says that “pun_pre_hook_root_cmd” runs with root rights.

I am attaching a ondemand-nginx error.log file
error.txt (5.1 KB)

Please help me solve the problem.

Are you sure the script is being executed? You can use the logger command to send messages to the syslog or you can redirect output to a temporary file to see what’s happening in the script.

Thanks for advice.
I changed the pun_pre_hook_root_cmd to
pun_pre_hook_root_cmd: ‘/pun_pre_hook 1>/log 2>/log-error’

So after login (again with an error) there are no log files in /
It seems that script is not executed at all.
That’s another question why it is not running? How to fix it?

Just in case, I checked that the script runs directly from cmd without errors.

There could be an apache log line that has some info in it.

Sorry for the long reply.
I set the apache log level to trace8, but unfortunately there are no entries mentioning the name of the script “pun_pre_hook” or parameter “pun_pre_hook_root_cmd” in the logs.

Does pun_pre_hook_root_cmd run as root? I create accounts (part of that process is making a home dir) via user_map_cmd as that does run as root.

Yes.

This is so strange. Can you confirm that the configuration exists in the ood-portal.conf file in /etc/httpd/conf.d. ?

There are 3 files ood-portal.conf:
/etc/systemd/system/apache2.service.d/ood-portal.conf
/etc/apache2/sites-available/ood-portal.conf
/etc/apache2/sites-enabled/ood-portal.conf

Both last two files contain the following line:
SetEnv OOD_PUN_PRE_HOOK_ROOT_CMD “/pun_pre_hook”

Maybe there’s something in journalctl under the unit ood_nginx_stage. Our nginx_stage library will use this logger to log errors.

Sorry, but “journalctl -u ood_nginx_stage” gives “-- No entries --”
and “journalctl | grep ood_nginx_stage” also gives nothing

Maybe I don’t have configured ood_nginx_stage logging ?

Instead of redirecting output in the command, try redirecting output in the shell script itself or using logger to log to the system log. Indeed try echoing anyting into any file and see if it’s being executed that way.