<emphasis>PAM_RHOST</emphasis>.
</para>
<para>
- By default rules for (un)setting of variables is taken from the
- config file <filename>/etc/security/pam_env.conf</filename> if
- no other file is specified.
+ By default rules for (un)setting of variables are taken from the
+ config file <filename>/etc/security/pam_env.conf</filename>. An
+ alternate file can be specified with the <emphasis>conffile</emphasis>
+ option.
</para>
<para>
- This module can also parse a file with simple
- <emphasis>KEY=VAL</emphasis> pairs on separate lines
- (<filename>/etc/environment</filename> by default). You can
- change the default file to parse, with the <emphasis>envfile</emphasis>
- flag and turn it on or off by setting the <emphasis>readenv</emphasis>
- flag to 1 or 0 respectively.
+ Second a file (<filename>/etc/environment</filename> by default) with simple
+ <emphasis>KEY=VAL</emphasis> pairs on separate lines will be read.
+ With the <emphasis>envfile</emphasis> option an alternate file can be specified.
+ And with the <emphasis>readenv</emphasis> option this can be completly disabled.
+ </para>
+ <para>
+ Third it will read a user configuration file
+ (<filename>$HOME/.pam_environment</filename> by default).
+ The default file file can be changed with the
+ <emphasis>user_envfile</emphasis> option
+ and it can be turned on and off with the <emphasis>user_readenv</emphasis> option.
</para>
<para>
Since setting of PAM environment variables can have side effects
<listitem>
<para>
Indicate an alternative <filename>environment</filename>
- file to override the default. This can be useful when different
- services need different environments.
+ file to override the default. The syntax are simple
+ <emphasis>KEY=VAL</emphasis> pairs on separate lines. The
+ <emphasis>export</emphasis> instruction can be specified for bash
+ compatibility, but will be ignored.
+ This can be useful when different services need different environments.
</para>
</listitem>
</varlistentry>
<listitem>
<para>
Indicate an alternative <filename>.pam_environment</filename>
- file to override the default. This can be useful when different
- services need different environments. The filename is relative to
- the user home directory.
+ file to override the default.The syntax is the same as
+ for <emphasis>/etc/environment</emphasis>.
+ The filename is relative to the user home directory.
+ This can be useful when different services need different
+ environments.
</para>
</listitem>
</varlistentry>
const void *itemval;
D(("Called."));
- if (strcmp(name, "PAM_USER") == 0) {
+ if (strcmp(name, "PAM_USER") == 0 || strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0) {
item = PAM_USER;
} else if (strcmp(name, "PAM_USER_PROMPT") == 0) {
item = PAM_USER_PROMPT;
D(("pam_get_item failed"));
return NULL; /* let pam_get_item() log the error */
}
+
+ if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) {
+ struct passwd *user_entry;
+ user_entry = pam_modutil_getpwnam (pamh, (char *) itemval);
+ if (!user_entry) {
+ pam_syslog(pamh, LOG_ERR, "No such user!?");
+ return NULL;
+ }
+ return (strcmp(name, "SHELL") == 0) ?
+ user_entry->pw_shell :
+ user_entry->pw_dir;
+ }
+
D(("Exit."));
return itemval;
}
<para>
(Possibly non-existent) environment variables may be used in values
- using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
- be used in values using the @{string} syntax. Both the $ and @
- characters can be backslash escaped to be used as literal values
+ using the ${string} syntax and (possibly non-existent) PAM_ITEMs as well
+ as HOME and SHELL may be used in values using the @{string} syntax. Both
+ the $ and @ characters can be backslash escaped to be used as literal values
values can be delimited with "", escaped " not supported.
Note that many environment variables that you would like to use
may not be set by the time the module is called.
- For example, HOME is used below several times, but
+ For example, ${HOME} is used below several times, but
many PAM applications don't make it available by the time you need it.
+ The special variables @{HOME} and @{SHELL} are expanded to the values
+ for the user from his <emphasis>passwd</emphasis> entry.
</para>
<para>
NNTPSERVER DEFAULT=localhost
PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+ XDG_DATA_HOME @{HOME}/share/
</programlisting>
<para>
projects / linux-pam / commitdiff