[Bug 955032] Re: pam environment duplicate path directories since it is called without user_readenv=0

Wed Mar 14 22:59:21 UTC 2012

I had a hard time understanding this at first, until I understood that
this was about the fact that pam_env is called *twice* for some
services.  Yes, we shouldn't be reading the user environment twice; I'm
not sure if user_readenv should default to off when 'envfile' is set, or
if this should be fixed in the individual packages providing the
configs.

There's also a related issue that upstream has turned user_readenv off
by default in the latest releases due to security concerns, and we
should probably follow suit.

** Changed in: pam (Ubuntu)
   Importance: Undecided => Low

** Changed in: pam (Ubuntu)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/955032

Title:
  pam environment duplicate path directories since it is called without
  user_readenv=0

Status in “pam” package in Ubuntu:
  Triaged

Bug description:
  I am trying to set my Environment variables through the procedure
  described in:  https://help.ubuntu.com/community/EnvironmentVariables

  (BTW, that page states that ~/.pam_environment: "It is not a script
  file, but rather consists of assignment expressions, one per line.",
  which is misleading since it allows one believe that the syntax is the
  same as of /etc/environment file, which is not tru. ~/.pam_environment
  uses the pam_env.conf syntax, as specified here:
  http://manpages.ubuntu.com/manpages/natty/man5/pam_env.conf.5.html)

  However, back to the bug: basically, I added (prepended) some
  directory to the ${PATH} variable inside my .pam_environment file and
  that folder was duplicated in the final PATH variable.

  The reason is that (see also: http://superuser.com/questions/135730
  /why-do-i-get-duplicated-entries-in-my-path) the user_readenv=0
  parameter is not specified in the lines where pam_env.so is called
  inside *all* the files in /etc/pam.d

  Basically, after creating my .pam_environment file, I had to go inside
  /etc/pam.d and to scan all files and to add the "user_readenv=0"
  parameter to every line where "pam_env.so envfile=/etc/default/locale"
  was encountered.

  For example, in "cron" file, I had to change:

  session       required   pam_env.so envfile=/etc/default/locale

  into:

  session       required   pam_env.so envfile=/etc/default/locale
  user_readenv=0

  and this goes the same for all other files inside /etc/pam.d/ folder
  that contain the line "pam_env.so envfile=/etc/default/locale"

  That's annoying. Please update those files to contain, by default,
  "user_readenv=0", to avoid duplicate folders when setting $PATH
  through the .pam_environment file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/955032/+subscriptions