[Bug 1302349] [NEW] pam_env applies user_envfile twice
Marko Kohtala
marko.kohtala at gmail.com
Fri Apr 4 05:56:39 UTC 2014
Public bug reported:
I originally noticed this on Ubuntu 12.04 with 1:5.9p1-5ubuntu1.2, but
judging from the sources it seems to be in 1:6.6p1-2 as well.
I added to ~/.pam_environment
PATH DEFAULT=/home/user/bin:${PATH}
When I ssh into the machine it gives the prepended path twice:
$ ssh localhost echo '$PATH'
/home/user/bin:/home/user/bin:...
I'd expect it prepend the path only once.
The latest sources ( ~ubuntu-branches/ubuntu/trusty/openssh/trusty :
/debian/openssh-server.sshd.pam (revision 3264)) contains this:
# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth required pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
auth required pam_env.so envfile=/etc/default/locale
pam_env loads always first conffile (default
/etc/security/pam_env.conf), and then by default envfile
(/etc/environment) which is in different syntax than the two other and
third the user_envfile (~/.pam_environment). Both of these pam_env lines
then load the same conffile an user_envfile.
If you need to load a fourth configuration file, you can do it without
loading the conffile and user_envfile twice by having these two lines:
auth required pam_env.so
auth required pam_env.so conffile=/dev/null envfile=/etc/default/locale user_readenv=0
The first line reads the three default files and the second line reads
only the envfile that is changed from the default.
I verified this fix works on Ubuntu 12.04.
This bug seems to be in most other packages as well.
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1302349
Title:
pam_env applies user_envfile twice
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1302349/+subscriptions
More information about the Ubuntu-server-bugs
mailing list