pam_env — PAM module to set/unset environment variables

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

DESCRIPTION

The pam_env PAM module allows the (un)setting of environment variables.
Supported is the use of previously set environment variables as well as 
PAM_ITEMs such as PAM_RHOST.

By default rules for (un)setting of variables are taken from the config file /
etc/security/pam_env.conf. An alternate file can be specified with the conffile
option.

Second a file (/etc/environment by default) with simple KEY=VAL pairs on
separate lines will be read. With the envfile option an alternate file can be
specified. And with the readenv option this can be completly disabled.

Third it will read a user configuration file ($HOME/.pam_environment by
default). The default file file can be changed with the user_envfile option and
it can be turned on and off with the user_readenv option.

Since setting of PAM environment variables can have side effects to other
modules, this module should be the last one on the stack.

OPTIONS

conffile=/path/to/pam_env.conf

    Indicate an alternative pam_env.conf style configuration file to override
    the default. This can be useful when different services need different
    environments.

debug

    A lot of debug information is printed with syslog(3).

envfile=/path/to/environment

    Indicate an alternative environment file to override the default. The
    syntax are simple KEY=VAL pairs on separate lines. The export instruction
    can be specified for bash compatibility, but will be ignored. This can be
    useful when different services need different environments.

readenv=0|1

    Turns on or off the reading of the file specified by envfile (0 is off, 1
    is on). By default this option is on.

user_envfile=filename

    Indicate an alternative .pam_environment file to override the default.The
    syntax is the same as for /etc/environment. The filename is relative to the
    user home directory. This can be useful when different services need
    different environments.

user_readenv=0|1

    Turns on or off the reading of the user specific environment file. 0 is
    off, 1 is on. By default this option is on.

EXAMPLES

These are some example lines which might be specified in /etc/security/
pam_env.conf.

Set the REMOTEHOST variable for any hosts that are remote, default to
"localhost" rather than not being set at all

      REMOTEHOST     DEFAULT=localhost OVERRIDE=@{PAM_RHOST}


Set the DISPLAY variable if it seems reasonable

      DISPLAY        DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}


Now some simple variables

      PAGER          DEFAULT=less
      MANPAGER       DEFAULT=less
      LESS           DEFAULT="M q e h15 z23 b80"
      NNTPSERVER     DEFAULT=localhost
      PATH           DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
      :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
      XDG_DATA_HOME  @{HOME}/share/


Silly examples of escaped variables, just to show how they work.

      DOLLAR         DEFAULT=\$
      DOLLARDOLLAR   DEFAULT=        OVERRIDE=\$${DOLLAR}
      DOLLARPLUS     DEFAULT=\${REMOTEHOST}${REMOTEHOST}
      ATSIGN         DEFAULT=""      OVERRIDE=\@