When adding the "debug" parameter to the invokation of pam_env in /etc/pam.d/gdm-password, I'm seeing the following in journalctl:
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("PATH=/usr/local/sbin:/usr/local/bin:/usr/
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("LANG=en_US.UTF-8")
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("LC_NUMERIC=es_ES.UTF-8")
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("LC_TIME=es_ES.UTF-8")
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("LC_MONETARY=es_ES.UTF-8")
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("LC_PAPER=es_ES.UTF-8")
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("LC_NAME=es_ES.UTF-8")
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("LC_ADDRESS=es_ES.UTF-8")
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("LC_TELEPHONE=es_ES.UTF-8")
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("LC_MEASUREMENT=es_ES.UTF-8")
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("LC_IDENTIFICATION=es_ES.UTF-8")
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): pam_putenv("LANGUAGE=en_US")
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "LANGUAGE=fr_FR:en_GB:en"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "LANG=fr_FR.UTF-8"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "LC_NUMERIC=es_ES.UTF-8"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "LC_TIME=es_ES.UTF-8"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "LC_MONETARY=es_ES.UTF-8"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "LC_PAPER=es_ES.UTF-8"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "LC_NAME=es_ES.UTF-8"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "LC_ADDRESS=es_ES.UTF-8"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "LC_TELEPHONE=es_ES.UTF-8"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "LC_MEASUREMENT=es_ES.UTF-8"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "LC_IDENTIFICATION=es_ES.UTF-8"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_env(gdm-password:session): remove variable "PAPERSIZE=a4"
oct 09 09:52:59 artfulvm gdm-password][1072]: pam_unix(gdm-password:session): session opened for user ubuntu by (uid=0)
The code for the _undefine_var() function in pam-env.c (https://github.com/linux-pam/linux-pam/blob/master/modules/pam_env/pam_env.c#L738) calls pam_putenv(pamh, var->name), and this happens to work because var->name == "NAME=value", which is the first token on the line.
This is working, but really by accident, and if in the future pam's parser for conf files becomes stricter, this will cease to work. I think we should consider complying better with the documented way of setting variable values (and we should update the documentation, too).
When adding the "debug" parameter to the invokation of pam_env in /etc/pam. d/gdm-password, I'm seeing the following in journalctl:
oct 09 09:52:59 artfulvm gdm-password] [1072]: pam_env( gdm-password: session) : pam_putenv( "PATH=/ usr/local/ sbin:/usr/ local/bin: /usr/ [1072]: pam_env( gdm-password: session) : pam_putenv( "LANG=en_ US.UTF- 8") [1072]: pam_env( gdm-password: session) : pam_putenv( "LC_NUMERIC= es_ES.UTF- 8") [1072]: pam_env( gdm-password: session) : pam_putenv( "LC_TIME= es_ES.UTF- 8") [1072]: pam_env( gdm-password: session) : pam_putenv( "LC_MONETARY= es_ES.UTF- 8") [1072]: pam_env( gdm-password: session) : pam_putenv( "LC_PAPER= es_ES.UTF- 8") [1072]: pam_env( gdm-password: session) : pam_putenv( "LC_NAME= es_ES.UTF- 8") [1072]: pam_env( gdm-password: session) : pam_putenv( "LC_ADDRESS= es_ES.UTF- 8") [1072]: pam_env( gdm-password: session) : pam_putenv( "LC_TELEPHONE= es_ES.UTF- 8") [1072]: pam_env( gdm-password: session) : pam_putenv( "LC_MEASUREMENT =es_ES. UTF-8") [1072]: pam_env( gdm-password: session) : pam_putenv( "LC_IDENTIFICAT ION=es_ ES.UTF- 8") [1072]: pam_env( gdm-password: session) : pam_putenv( "LANGUAGE= en_US") [1072]: pam_env( gdm-password: session) : remove variable "LANGUAGE= fr_FR:en_ GB:en" [1072]: pam_env( gdm-password: session) : remove variable "LANG=fr_FR.UTF-8" [1072]: pam_env( gdm-password: session) : remove variable "LC_NUMERIC= es_ES.UTF- 8" [1072]: pam_env( gdm-password: session) : remove variable "LC_TIME= es_ES.UTF- 8" [1072]: pam_env( gdm-password: session) : remove variable "LC_MONETARY= es_ES.UTF- 8" [1072]: pam_env( gdm-password: session) : remove variable "LC_PAPER= es_ES.UTF- 8" [1072]: pam_env( gdm-password: session) : remove variable "LC_NAME= es_ES.UTF- 8" [1072]: pam_env( gdm-password: session) : remove variable "LC_ADDRESS= es_ES.UTF- 8" [1072]: pam_env( gdm-password: session) : remove variable "LC_TELEPHONE= es_ES.UTF- 8" [1072]: pam_env( gdm-password: session) : remove variable "LC_MEASUREMENT =es_ES. UTF-8" [1072]: pam_env( gdm-password: session) : remove variable "LC_IDENTIFICAT ION=es_ ES.UTF- 8" [1072]: pam_env( gdm-password: session) : remove variable "PAPERSIZE=a4" [1072]: pam_unix( gdm-password: session) : session opened for user ubuntu by (uid=0)
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
oct 09 09:52:59 artfulvm gdm-password]
The code for the _undefine_var() function in pam-env.c (https:/ /github. com/linux- pam/linux- pam/blob/ master/ modules/ pam_env/ pam_env. c#L738) calls pam_putenv(pamh, var->name), and this happens to work because var->name == "NAME=value", which is the first token on the line.
This is working, but really by accident, and if in the future pam's parser for conf files becomes stricter, this will cease to work. I think we should consider complying better with the documented way of setting variable values (and we should update the documentation, too).