pam_env applies user_envfile twice
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
New
|
Medium
|
Unassigned |
Bug Description
I originally noticed this on Ubuntu 12.04 with 1:5.9p1-5ubuntu1.2, but judging from the sources it seems to be in 1:6.6p1-2 as well.
I added to ~/.pam_environment
PATH DEFAULT=
When I ssh into the machine it gives the prepended path twice:
$ ssh localhost echo '$PATH'
/home/user/
I'd expect it prepend the path only once.
The latest sources ( ~ubuntu-
# Read environment variables from /etc/environment and
# /etc/security/
auth required pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/
auth required pam_env.so envfile=
pam_env loads always first conffile (default /etc/security/
If you need to load a fourth configuration file, you can do it without loading the conffile and user_envfile twice by having these two lines:
auth required pam_env.so
auth required pam_env.so conffile=/dev/null envfile=
The first line reads the three default files and the second line reads only the envfile that is changed from the default.
I verified this fix works on Ubuntu 12.04.
This bug seems to be in most other packages as well.
Thank you for taking the time to report this bug and helping to make Ubuntu better.
This sounds reasonable to me. I wondered about /etc/skel/.profile, which also prepends ~/bin, but I think this is a red herring since in your case you aren't getting a login shell, and I verified this on my machine with "ssh localhost echo '$PATH'" not including ~/bin on my system, where I haven't added a ~/.pam_environment as you have.
So as far as I can tell, this is a valid bug, and should be fixed as you have proposed. I'm not confident enough in my own understanding to push for this myself though; I'd like to hear a second opinion from Colin or someone.
Setting Importance: Medium as a workaround is available.