modules/pam_env/README


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

pam_env — PAM module to set/unset environment variables

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

DESCRIPTION

The pam_env PAM module allows the (un)setting of environment variables.
Supported is the use of previously set environment variables as well as
PAM_ITEMs such as PAM_RHOST.

By default rules for (un)setting of variables is taken from the config file /
etc/security/pam_env.conf if no other file is specified.

This module can also parse a file with simple KEY=VAL pairs on seperate lines
(/etc/environment by default). You can change the default file to parse, with
the envfile flag and turn it on or off by setting the readenv flag to 1 or 0
respectively.

OPTIONS

conffile=/path/to/pam_env.conf

    Indicate an alternative pam_env.conf style configuration file to override
    the default. This can be useful when different services need different
    environments.

debug

    A lot of debug informations are printed with syslog(3).

envfile=/path/to/environment

    Indicate an alternative environment file to override the default. This can
    be useful when different services need different environments.

readenv=0|1

    Turns on or off the reading of the file specified by envfile (0 is off, 1
    is on). By default this option is on.

EXAMPLES

These are some example lines which might be specified in /etc/security/
pam_env.conf.

Set the REMOTEHOST variable for any hosts that are remote, default to
"localhost" rather than not being set at all

      REMOTEHOST     DEFAULT=localhost OVERRIDE=@{PAM_RHOST}


Set the DISPLAY variable if it seems reasonable

      DISPLAY        DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}


Now some simple variables

      PAGER          DEFAULT=less
      MANPAGER       DEFAULT=less
      LESS           DEFAULT="M q e h15 z23 b80"
      NNTPSERVER     DEFAULT=localhost
      PATH           DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
      :/usr/bin:/usr/local/bin/X11:/usr/bin/X11


Silly examples of escaped variables, just to show how they work.

      DOLLAR         DEFAULT=\$
      DOLLARDOLLAR   DEFAULT=        OVERRIDE=\$${DOLLAR}
      DOLLARPLUS     DEFAULT=\${REMOTEHOST}${REMOTEHOST}
      ATSIGN         DEFAULT=""      OVERRIDE=\@