PAM: Execute a command before pam_mkhomedir?
There is a PAM module called pam_exec
- if you write a script which checks for and/or creates the ZFS volume, you can chain this into your existing PAM rules and keep things nice without assuming interactive login, default shells & skeleton directories, etc. For example, you could have
session required pam_unix.so
session required pam_exec.so check_zfs.sh $PAM_USER
or whatever suits your specific setup.
(As Tom Shaw pointed out in the comments, having session required pam_mkhomedir.so
would be redundant.)
It's worth pointing out, as asked, your question contains an invalid assumption: even PAM has no idea if it's the user's first login; it only knows whether the user has a home directory or not.
So, with that caveat in mind, it's not PAM doing it, but you could easily run something out of /etc/bashrc
, with the command preceded by a check for, and followed by drop of, a dotfile in the user's home directory. Need root privs? Either an appropriately-locked-down sudo
, or a setuid binary, will likely work best for you. Both options also give you the option of putting the dotfile somewhere where the user can't modify or delete it (if you care about that sort of thing).