pam_env should document per-user environment file ~/.pam_environment more clearly

Bug #145380 reported by Jerome Haltom
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
pam (Ubuntu) | Triaged | Wishlist | Unassigned |

Bug Description

pam_env reads /etc/environment. An alternate file which is parsed after /etc/environment should be possible: ~/.environment. This would follow the exact same rules as /etc/environment. Functionally it would be as if it was concatenated to /etc/environment.

This would require pam_env to be in the PAM stack at a point suitable for ~ to be available. Which seems doable to me.

Tags: manpage
Jerome Haltom (wasabi) wrote :

Adding this ability to pam_env would allow #64064 to be implemented properly, on a per-user basis.

Kees Cook (kees) wrote :

Thanks for this report and helping to make Ubuntu better. This is already implemented as ~/.pam_environment. This clearly needs to be documented in the pam_env manpage. I have adjusted the bug title to reflect this.

Changed in pam:
importance: Undecided → Wishlist
status: New → Confirmed
Jason Toffaletti (jason) wrote : Re: pam_env should document per-user environment file ~/.pam_environment

I took a stab at updating the manpage as part of fixing LP#64064, here is my text:

Users may set their own environment settings in the same format (~/.pam_environment by default)
Admins can change the default file to parse with the user_env_file flag and turn it on or off by setting the user_read_env flag to 1 or 0 respectively.

Any suggestions? debdiff attached.

Andrey Bondarenko (abone) wrote :

The manpage for pam_env mentions $HOME/.pam_environment in the FILES section. Your version looks more verbose. If you think it is better, can you please adapt it to the current version, and we can try to go through the sponsoring process. If not, I think the bug should be closed now.

tags: added: manpage
Steve Langasek (vorlon)
Changed in pam (Ubuntu):
status: Confirmed → Triaged
summary: pam_env should document per-user environment file ~/.pam_environment
+ more clearly
Hendrik (joker-x) wrote :

In Ubuntu 11.04, .pam_environment does not use the usual "KEY=VAL" format, but the pam config file format! This is unintuitive, not documented, and not useful (I was under the impression that .pam_environment was supposed to be _the_ place to set user-specific environment variables now). Even worse, if you try to add something to PATH in .pam_environment, this will reset PATH and prevent you from logging in via GDM (it will always throw you back to the login screen without giving any information)!

Andrey Bondarenko (abone) wrote :

You may be interrested in discussion in upstream mailing list
https://fedorahosted.org/pipermail/pam-developers/2011-June/000075.html.

There is a chance that in future versions the issue will be fixed upstream, but some backward-incompatible changes may occur. The upcoming patch will introduce both user_env and user_conf files, but disables them by default. The currently available version 1.1.4 still reads .pam_environment as a conf file.

Mihai Capotă (mihaic) wrote :

The URL of the old upstream discussion has changed:
https://<email address hidden>/thread/GK7PNA3ZBNJMI2LJFAAKXZZ23L2QMW52/

The man page in Ubuntu 14.04 documents .pam_environment as an environment file:
http://manpages.ubuntu.com/manpages/trusty/en/man8/pam_env.8.html

The Ubuntu Community Help Wiki documents the syntax of .pam_environment as a mixture of configuration and environment syntaxes:
https://help.ubuntu.com/community/EnvironmentVariables#Session-wide_environment_variables

This mixed syntax works in Ubuntu 14.04. This is not reflected in the man page, so I think this bug is still valid.
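
The two syntaxes discussed in this thread, and the PATH reset Hendrik describes, can be checked before a login is attempted. The following is an added example, not part of the bug report and not pam_env's own parser: a heuristic linter that assumes the KEY=VAL form used by /etc/environment and the `VARIABLE DEFAULT=... OVERRIDE=...` form from pam_env.conf(5); the sample file and the function names are constructed for illustration.

```python
import re

# Constructed sample of a ~/.pam_environment body mixing both syntaxes.
SAMPLE = """\
# constructed sample, not taken from the bug report
LANG=en_US.UTF-8
export EDITOR="vim"
PATH DEFAULT=${PATH}:@{HOME}/bin
PATH=$PATH:/opt/tools/bin
JAVA_HOME DEFAULT=/usr/lib/jvm/default OVERRIDE=${JAVA_HOME}
MANPATH /usr/share/man
"""

NAME = r"[A-Za-z_][A-Za-z0-9_]*"
# /etc/environment style: KEY=VAL, optionally prefixed with "export".
ENV_RE = re.compile(rf"^(?:export\s+)?({NAME})=(.*)$")
# pam_env.conf style: VARIABLE [DEFAULT=value] [OVERRIDE=value].
CONF_RE = re.compile(rf'^({NAME})((?:\s+(?:DEFAULT|OVERRIDE)=(?:"[^"]*"|\S*))*)$')


def classify(line):
    """Return (kind, name, value); kind is blank, env, conf or invalid."""
    line = line.strip()
    if not line or line.startswith("#"):
        return ("blank", None, None)
    m = ENV_RE.match(line)
    if m:
        return ("env", m.group(1), m.group(2).strip("\"'"))
    m = CONF_RE.match(line)
    if m:
        return ("conf", m.group(1), m.group(2).strip())
    return ("invalid", None, line)


def lint(text):
    """Return (line_number, message) findings for a .pam_environment body."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        kind, name, value = classify(raw)
        if kind == "invalid":
            findings.append((n, "matches neither KEY=VAL nor DEFAULT=/OVERRIDE= syntax"))
        elif name == "PATH" and "${PATH}" not in value:
            # Assumption: only the ${VAR} form is expanded, so this replaces PATH.
            findings.append((n, "PATH is replaced, not extended: no ${PATH} reference"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint(SAMPLE):
        print(f"line {lineno}: {message}")
```

Which of the two forms a given pam_env build accepts in the per-user file depends on the version, as the comments above note, so a line reported as valid here still needs to be tested against the installed module.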
