Diffstat (limited to 'modules/pam_env/README')
-rw-r--r-- | modules/pam_env/README | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/modules/pam_env/README b/modules/pam_env/README new file mode 100644 index 0000000..a040caf --- /dev/null +++ b/modules/pam_env/README 
@@ -0,0 +1,101 @@ +pam_env — PAM module to set/unset environment variables + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +The pam_env PAM module allows the (un)setting of environment variables. +Supported is the use of previously set environment variables as well as +PAM_ITEMs such as PAM_RHOST. + +By default rules for (un)setting of variables are taken from the config file / +etc/security/pam_env.conf. An alternate file can be specified with the conffile +option. + +Second a file (/etc/environment by default) with simple KEY=VAL pairs on +separate lines will be read. With the envfile option an alternate file can be +specified. And with the readenv option this can be completely disabled. + +Third it will read a user configuration file ($HOME/.pam_environment by +default). The default file can be changed with the user_envfile option and it +can be turned on and off with the user_readenv option. + +Since setting of PAM environment variables can have side effects to other +modules, this module should be the last one on the stack. + +OPTIONS + +conffile=/path/to/pam_env.conf + + Indicate an alternative pam_env.conf style configuration file to override + the default. This can be useful when different services need different + environments. + +debug + + A lot of debug information is printed with syslog(3). + +envfile=/path/to/environment + + Indicate an alternative environment file to override the default. The + syntax are simple KEY=VAL pairs on separate lines. The export instruction + can be specified for bash compatibility, but will be ignored. This can be + useful when different services need different environments. + +readenv=0|1 + + Turns on or off the reading of the file specified by envfile (0 is off, 1 + is on). By default this option is on. + +user_envfile=filename + + Indicate an alternative .pam_environment file to override the default.The + syntax is the same as for /etc/security/pam_env.conf. 
The filename is + relative to the user home directory. This can be useful when different + services need different environments. + +user_readenv=0|1 + + Turns on or off the reading of the user specific environment file. 0 is + off, 1 is on. By default this option is off as user supplied environment + variables in the PAM environment could affect behavior of subsequent + modules in the stack without the consent of the system administrator. + + Due to problematic security this functionality is deprecated since the + 1.5.0 version and will be removed completely at some point in the future. + +EXAMPLES + +These are some example lines which might be specified in /etc/security/ +pam_env.conf. + +Set the REMOTEHOST variable for any hosts that are remote, default to +"localhost" rather than not being set at all + + REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} + + +Set the DISPLAY variable if it seems reasonable + + DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} + + +Now some simple variables + + PAGER DEFAULT=less + MANPAGER DEFAULT=less + LESS DEFAULT="M q e h15 z23 b80" + NNTPSERVER DEFAULT=localhost + PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\ + :/usr/bin:/usr/local/bin/X11:/usr/bin/X11 + XDG_DATA_HOME DEFAULT=@{HOME}/share/ + + +Silly examples of escaped variables, just to show how they work. + + DOLLAR DEFAULT=\$ + DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR} + DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST} + ATSIGN DEFAULT="" OVERRIDE=\@ + + |
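Review bot: In DESCRIPTION, the paragraph beginning "Third it will read a user configuration file ($HOME/.pam_environment by default)" reads as if the user file is processed by default, while the user_readenv entry further down says the option is off by default and deprecated since 1.5.0 because user supplied variables could affect subsequent modules in the stack. Suggest saying in that DESCRIPTION paragraph that the file is read only when user_readenv=1 is given and that the feature is deprecated, and stating under user_envfile whether the option has any effect while user_readenv is off. Two smaller points: "override the default.The" under user_envfile is missing a space after the period, and the text never says how the ${...} and @{...} forms used in EXAMPLES differ (PATH uses ${HOME}, XDG_DATA_HOME uses @{HOME}, REMOTEHOST uses @{PAM_RHOST}); a sentence in DESCRIPTION saying what each form refers to would let a reader choose the right one.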