[Bug 955032] Re: pam environment duplicate path directories since it is called without user_readenv=0

Steve Langasek steve.langasek at canonical.com
Wed Mar 14 22:59:21 UTC 2012


I had a hard time understanding this at first, until I understood that
this was about the fact that pam_env is called *twice* for some
services.  Yes, we shouldn't be reading the user environment twice; I'm
not sure if user_readenv should default to off when 'envfile' is set, or
if this should be fixed in the individual packages providing the
configs.

There's also a related issue that upstream has turned user_readenv off
by default in the latest releases due to security concerns, and we
should probably follow suit.

** Changed in: pam (Ubuntu)
   Importance: Undecided => Low

** Changed in: pam (Ubuntu)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/955032

Title:
  pam environment duplicate path directories since it is called without
  user_readenv=0

Status in “pam” package in Ubuntu:
  Triaged

Bug description:
  I am trying to set my Environment variables through the procedure
  described in:  https://help.ubuntu.com/community/EnvironmentVariables

  (BTW, that page states that ~/.pam_environment: "It is not a script
  file, but rather consists of assignment expressions, one per line.",
  which is misleading since it allows one to believe that the syntax is
  the same as that of the /etc/environment file, which is not true.
  ~/.pam_environment uses the pam_env.conf syntax, as specified here:
  http://manpages.ubuntu.com/manpages/natty/man5/pam_env.conf.5.html)

  However, back to the bug: basically, I added (prepended) some
  directory to the ${PATH} variable inside my .pam_environment file and
  that folder was duplicated in the final PATH variable.

  The reason is that (see also:
  http://superuser.com/questions/135730/why-do-i-get-duplicated-entries-in-my-path)
  the user_readenv=0 parameter is not specified in the lines where
  pam_env.so is called inside *all* the files in /etc/pam.d

  Basically, after creating my .pam_environment file, I had to go inside
  /etc/pam.d and to scan all files and to add the "user_readenv=0"
  parameter to every line where "pam_env.so envfile=/etc/default/locale"
  was encountered.

  For example, in "cron" file, I had to change:

  session       required   pam_env.so envfile=/etc/default/locale

  into:

  session       required   pam_env.so envfile=/etc/default/locale user_readenv=0

  and this goes the same for all other files inside /etc/pam.d/ folder
  that contain the line "pam_env.so envfile=/etc/default/locale"

  That's annoying. Please update those files to contain, by default,
  "user_readenv=0", to avoid duplicate folders when setting $PATH
  through the .pam_environment file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/955032/+subscriptions
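
An added example, not part of the bug report or the pam package: a Python audit of pam.d-style configuration that counts, per service, how many pam_env.so calls would read ~/.pam_environment, which is the double read discussed above. The sample file contents are constructed, and the `default_on` parameter is an assumption standing in for the module's built-in user_readenv default, which the comment above says upstream has switched to off.

```python
import re

# Constructed sample contents keyed by /etc/pam.d file name (not from a real system).
SAMPLE_PAM_D = {
    "cron": "session required pam_env.so envfile=/etc/default/locale\n",
    "login": (
        "# constructed: pam_env called twice in one service\n"
        "session required pam_env.so\n"
        "session required pam_env.so \\\n"
        "    envfile=/etc/default/locale\n"
    ),
    "fixed": (
        "session required pam_env.so user_readenv=0\n"
        "session required pam_env.so envfile=/etc/default/locale user_readenv=0\n"
    ),
}

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def user_env_reads(text, default_on=True):
    """Return the pam_env.so lines that would read ~/.pam_environment."""
    hits = []
    for line in logical_lines(text):
        tokens = line.split()
        idx = next((i for i, t in enumerate(tokens)
                    if t.rsplit("/", 1)[-1] == "pam_env.so"), None)
        if idx is None:
            continue
        enabled = default_on  # assumption: default when the option is absent
        for arg in tokens[idx + 1:]:
            if arg.startswith("user_readenv="):
                enabled = arg.split("=", 1)[1] != "0"  # any value but 0 counts as on
        if enabled:
            hits.append(" ".join(tokens))
    return hits

def audit(pam_d, default_on=True):
    """Map service name -> number of pam_env calls that read the user file."""
    return {name: len(user_env_reads(text, default_on))
            for name, text in pam_d.items()}

if __name__ == "__main__":
    for service, count in audit(SAMPLE_PAM_D).items():
        note = "user file read more than once" if count > 1 else "ok"
        print(f"{service}: {count} ({note})")
```

A count above 1 marks a service where a PATH prepended in ~/.pam_environment ends up duplicated; any non-zero count marks a service that accepts user-supplied environment at all.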



