summaryrefslogtreecommitdiffstats
path: root/modules/pam_env/README
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_env/README')
-rw-r--r--modules/pam_env/README101
1 files changed, 101 insertions, 0 deletions
diff --git a/modules/pam_env/README b/modules/pam_env/README
new file mode 100644
index 0000000..a040caf
--- /dev/null
+++ b/modules/pam_env/README
@@ -0,0 +1,101 @@
+pam_env — PAM module to set/unset environment variables
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_env PAM module allows the (un)setting of environment variables.
+Supported is the use of previously set environment variables as well as
+PAM_ITEMs such as PAM_RHOST.
+
+By default rules for (un)setting of variables are taken from the config file /
+etc/security/pam_env.conf. An alternate file can be specified with the conffile
+option.
+
+Second a file (/etc/environment by default) with simple KEY=VAL pairs on
+separate lines will be read. With the envfile option an alternate file can be
+specified. And with the readenv option this can be completely disabled.
+
+Third it will read a user configuration file ($HOME/.pam_environment by
+default). The default file can be changed with the user_envfile option and it
+can be turned on and off with the user_readenv option.
+
+Since setting of PAM environment variables can have side effects to other
+modules, this module should be the last one on the stack.
+
+OPTIONS
+
+conffile=/path/to/pam_env.conf
+
+ Indicate an alternative pam_env.conf style configuration file to override
+ the default. This can be useful when different services need different
+ environments.
+
+debug
+
+ A lot of debug information is printed with syslog(3).
+
+envfile=/path/to/environment
+
+ Indicate an alternative environment file to override the default. The
+ syntax are simple KEY=VAL pairs on separate lines. The export instruction
+ can be specified for bash compatibility, but will be ignored. This can be
+ useful when different services need different environments.
+
+readenv=0|1
+
+ Turns on or off the reading of the file specified by envfile (0 is off, 1
+ is on). By default this option is on.
+
+user_envfile=filename
+
+ Indicate an alternative .pam_environment file to override the default.The
+ syntax is the same as for /etc/security/pam_env.conf. The filename is
+ relative to the user home directory. This can be useful when different
+ services need different environments.
+
+user_readenv=0|1
+
+ Turns on or off the reading of the user specific environment file. 0 is
+ off, 1 is on. By default this option is off as user supplied environment
+ variables in the PAM environment could affect behavior of subsequent
+ modules in the stack without the consent of the system administrator.
+
+ Due to problematic security this functionality is deprecated since the
+ 1.5.0 version and will be removed completely at some point in the future.
+
+EXAMPLES
+
+These are some example lines which might be specified in /etc/security/
+pam_env.conf.
+
+Set the REMOTEHOST variable for any hosts that are remote, default to
+"localhost" rather than not being set at all
+
+ REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+
+
+Set the DISPLAY variable if it seems reasonable
+
+ DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+
+
+Now some simple variables
+
+ PAGER DEFAULT=less
+ MANPAGER DEFAULT=less
+ LESS DEFAULT="M q e h15 z23 b80"
+ NNTPSERVER DEFAULT=localhost
+ PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
+ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+ XDG_DATA_HOME DEFAULT=@{HOME}/share/
+
+
+Silly examples of escaped variables, just to show how they work.
+
+ DOLLAR DEFAULT=\$
+ DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
+ DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
+ ATSIGN DEFAULT="" OVERRIDE=\@
+
+