[Bug 1302349] [NEW] pam_env applies user_envfile twice

Marko Kohtala marko.kohtala at gmail.com
Fri Apr 4 05:56:39 UTC 2014


Public bug reported:

I originally noticed this on Ubuntu 12.04 with 1:5.9p1-5ubuntu1.2, but
judging from the sources it seems to be in 1:6.6p1-2 as well.

I added to ~/.pam_environment

PATH DEFAULT=/home/user/bin:${PATH}

When I ssh into the machine it gives the prepended path twice:

$ ssh localhost echo '$PATH'
/home/user/bin:/home/user/bin:...

I'd expect it prepend the path only once.

The latest sources ( ~ubuntu-branches/ubuntu/trusty/openssh/trusty :
/debian/openssh-server.sshd.pam (revision 3264)) contains this:

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth       required     pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
auth       required     pam_env.so envfile=/etc/default/locale

pam_env loads always first conffile (default
/etc/security/pam_env.conf), and then by default envfile
(/etc/environment) which is in different syntax than the two other and
third the user_envfile (~/.pam_environment). Both of these pam_env lines
then load the same conffile an user_envfile.

If you need to load a fourth configuration file, you can do it without
loading the conffile and user_envfile twice by having these two lines:

auth       required     pam_env.so
auth       required     pam_env.so conffile=/dev/null envfile=/etc/default/locale user_readenv=0

The first line reads the three default files and the second line reads
only the envfile that is changed from the default.

I verified this fix works on Ubuntu 12.04.

This bug seems to be in most other packages as well.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1302349

Title:
  pam_env applies user_envfile twice

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1302349/+subscriptions



More information about the Ubuntu-server-bugs mailing list