Ubuntu
pam package

pam_env does not evaluate ~/.pam_environment

Bug #584249 reported by deleted
30
This bug affects 5 people
Affects Status Importance Assigned to Milestone
pam (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

In Ubuntu 10.04, any environment variables assigned in ~/.pam_environment do not seem to be applied.
for example if I have a ~/.pam_environment as follows

MY_VARIABLE="SOMETHING"

after restarting (or relogin), open a shell and try:
echo $MY_VARIABLE

expected: SOMETHING

but instead the result is blank

See original description
Revision history for this message
Guenther Montag (g-montag) wrote :

This seems to be an issue with encrypted home directories. I added

session required pam_env.so

at the end of /etc/pam.d/common-session and now ~/.pam_environment gets read. On another system without encrypted home directories (also 10.04) the work around is not needed. Perhaps in my case the system tries to read ~/.pam_environment before it is decrypted.

Revision history for this message
Andrey Bondarenko (abone) wrote :

I suppose this issue my be related to my question 159345 (it is about Natty). The cause of skipping .pam_environment some environment variables may be in spaces within variable values. Looks like conffile parser interprets quotes differently. Variables with quoted values because of spaces got skipped with parse error.

You may check this with the following test. Please be careful. If pam configuration is broken, you may be not able to login.

In ~/.pam_environment add:

MYVAR0="SOME_VALUE"
MYVAR1="SOME VALUE"

In file /etc/pam.d/login find a line with pam_env.so and add there option debug like follows:

session required pam_env.so debug readenv=1

Then login open a new console session and check results. In the session:

$ env | grep MYVAR
MYVAR0="SOME_VALUE"

only MYVAR0 is defined, but MYVAR1 is skipped. Also in /var/log/auth.log you can see something like that:

May 31 11:02:39 host login[26761]: pam_env(login:session): Unrecognized Option: VALUE"#012 - ignoring line

Revision history for this message
Andrey Bondarenko (abone) wrote :

Oops. I'm sorry, but the issue is not a bug at all.

Restarting shell does not use pam modules. You have to relogin or use other methods like sudo to trigger pam usage. I'm closing this bug as invalid.

Changed in pam (Ubuntu):
status: New → Invalid
Revision history for this message
kanub (gwd0fqy02) wrote :

I confirm the bug for "encrypted home directories". The workaround of "g-montag" works.

Changed in pam (Ubuntu):
status: Invalid → Confirmed
description: updated
Revision history for this message
Steve Langasek (vorlon) wrote :

> Perhaps in my case the system tries to read ~/.pam_environment before it is decrypted.

This comment says it all. It's not a bug in pam if you're stacking modules in the wrong order for them to work.

Changed in pam (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.