.google_authenticator own by root

When a normal user runs google_authenticator the file .google_authenticator is own by root
-r--------. 1 root nogroup 117 Sep 27 12:29 .google_authenticator

In /var/log/secure I see :
ep 27 12:21:30 localhost sshd(pam_google_authenticator)[8475]: Secret file “/user/undergrads/John/.ssh/google_authenticator” must be owned by “John”

I have

Any file a user creates in .ssh is own by root.
How do I fix that?

OK, I have a more general problem.
Users that are authentication using openldap do not own any files they create, thy are own by root.


Sounds permissions are not set correctly to me, what’s the output of:

ls -ld /home/$USER/.ssh

Also is this on Rocky 8 or 9 and how did you install google-authenticator-1.07-1.el8.x86_64?

Regards Tom.

I have discovered that ALL the LDAP users have this problem.
When they create a new file anywhere in their home dirs it get own by root


So users not logging in through LDAP, can create files with the correct permissions?

Regards Tom.

Problem Fixed:
The issue was with the NFS shares I use for home dirs.
I had a wrong setting on the TrueNas server.

1 Like