Investigating a bit further, I notice that /etc/pam.d/su contains the lines:
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
If I add these to /etc/pam.d/sudo then I can set environment variables either in /etc/environment or in /etc/security/pam_env.conf.
So should "session required pam_env.so readenv=1" be added to /etc/pam.d/sudo or is there a security reason why sudo should not use pam_env.so but su should?
Investigating a bit further, I notice that /etc/pam.d/su contains the lines:
# This module parses environment configuration file(s) pam_env. conf. /etc/default/ locale
# and also allows you to use an extended config
# file /etc/security/
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=
If I add these to /etc/pam.d/sudo then I can set environment variables either in /etc/environment or in /etc/security/ pam_env. conf.
So should "session required pam_env.so readenv=1" be added to /etc/pam.d/sudo or is there a security reason why sudo should not use pam_env.so but su should?
Thanks.