Continuation of bug 2790. In the NFS root squash case, "root" is not allowed to write to /home/$USER. Currently, however, tl-ldap-certaliases tries to create the .ssh directory as root. This should fail. One alternative and probably better approach would be to change UID to the user itself before trying mkdir. This can be done by calling os.setuid() before mkdir, and then changing back to root afterwards.