summaryrefslogtreecommitdiffstats
path: root/modules/pam_env/pam_env.conf
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/pam_env/pam_env.conf73
-rw-r--r--modules/pam_env/pam_env.conf.5132
-rw-r--r--modules/pam_env/pam_env.conf.5.xml136
3 files changed, 341 insertions, 0 deletions
diff --git a/modules/pam_env/pam_env.conf b/modules/pam_env/pam_env.conf
new file mode 100644
index 0000000..2549e43
--- /dev/null
+++ b/modules/pam_env/pam_env.conf
@@ -0,0 +1,73 @@
+#
+# This is the configuration file for pam_env, a PAM module to load in
+# a configurable list of environment variables for a
+#
+# The original idea for this came from Andrew G. Morgan ...
+#<quote>
+# Mmm. Perhaps you might like to write a pam_env module that reads a
+# default environment from a file? I can see that as REALLY
+# useful... Note it would be an "auth" module that returns PAM_IGNORE
+# for the auth part and sets the environment returning PAM_SUCCESS in
+# the setcred function...
+#</quote>
+#
+# What I wanted was the REMOTEHOST variable set, purely for selfish
+# reasons, and AGM didn't want it added to the SimpleApps login
+# program (which is where I added the patch). So, my first concern is
+# that variable, from there there are numerous others that might/would
+# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER .....
+#
+# Of course, these are a different kind of variable than REMOTEHOST in
+# that they are things that are likely to be configured by
+# administrators rather than set by logging in, how to treat them both
+# in the same config file?
+#
+# Here is my idea:
+#
+# Each line starts with the variable name, there are then two possible
+# options for each variable DEFAULT and OVERRIDE.
+# DEFAULT allows an administrator to set the value of the
+# variable to some default value, if none is supplied then the empty
+# string is assumed. The OVERRIDE option tells pam_env that it should
+# enter in its value (overriding the default value) if there is one
+# to use. OVERRIDE is not used, "" is assumed and no override will be
+# done.
+#
+# VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
+#
+# (Possibly non-existent) environment variables may be used in values
+# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
+# be used in values using the @{string} syntax. Both the $ and @
+# characters can be backslash escaped to be used as literal values
+# values can be delimited with "", escaped " not supported.
+# Note that many environment variables that you would like to use
+# may not be set by the time the module is called.
+# For example, HOME is used below several times, but
+# many PAM applications don't make it available by the time you need it.
+#
+#
+# First, some special variables
+#
+# Set the REMOTEHOST variable for any hosts that are remote, default
+# to "localhost" rather than not being set at all
+#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+#
+# Set the DISPLAY variable if it seems reasonable
+#DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+#
+#
+# Now some simple variables
+#
+#PAGER DEFAULT=less
+#MANPAGER DEFAULT=less
+#LESS DEFAULT="M q e h15 z23 b80"
+#NNTPSERVER DEFAULT=localhost
+#PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
+#:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+#
+# silly examples of escaped variables, just to show how they work.
+#
+#DOLLAR DEFAULT=\$
+#DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
+#DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
+#ATSIGN DEFAULT="" OVERRIDE=\@
diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5
new file mode 100644
index 0000000..40fd118
--- /dev/null
+++ b/modules/pam_env/pam_env.conf.5
@@ -0,0 +1,132 @@
+'\" t
+.\" Title: pam_env.conf
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 09/03/2021
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_ENV\&.CONF" "5" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_env.conf, environment \- the environment variables config files
+.SH "DESCRIPTION"
+.PP
+The
+/etc/security/pam_env\&.conf
+file specifies the environment variables to be set, unset or modified by
+\fBpam_env\fR(8)\&. When someone logs in, this file is read and the environment variables are set according\&.
+.PP
+Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE\&. DEFAULT allows an administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed\&. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use\&. OVERRIDE is not used, "" is assumed and no override will be done\&.
+.PP
+\fIVARIABLE\fR
+[\fIDEFAULT=[value]\fR] [\fIOVERRIDE=[value]\fR]
+.PP
+(Possibly non\-existent) environment variables may be used in values using the ${string} syntax and (possibly non\-existent) PAM_ITEMs as well as HOME and SHELL may be used in values using the @{string} syntax\&. Both the $ and @ characters can be backslash escaped to be used as literal values values can be delimited with "", escaped " not supported\&. Note that many environment variables that you would like to use may not be set by the time the module is called\&. For example, ${HOME} is used below several times, but many PAM applications don\*(Aqt make it available by the time you need it\&. The special variables @{HOME} and @{SHELL} are expanded to the values for the user from his
+\fIpasswd\fR
+entry\&.
+.PP
+The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line\&.
+.PP
+The
+/etc/environment
+file specifies the environment variables to be set\&. The file must consist of simple
+\fINAME=VALUE\fR
+pairs on separate lines\&. The
+\fBpam_env\fR(8)
+module will read the file after the
+pam_env\&.conf
+file\&.
+.SH "EXAMPLES"
+.PP
+These are some example lines which might be specified in
+/etc/security/pam_env\&.conf\&.
+.PP
+Set the REMOTEHOST variable for any hosts that are remote, default to "localhost" rather than not being set at all
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Set the DISPLAY variable if it seems reasonable
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ DISPLAY DEFAULT=${REMOTEHOST}:0\&.0 OVERRIDE=${DISPLAY}
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Now some simple variables
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ PAGER DEFAULT=less
+ MANPAGER DEFAULT=less
+ LESS DEFAULT="M q e h15 z23 b80"
+ NNTPSERVER DEFAULT=localhost
+ PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\e
+ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+ XDG_DATA_HOME DEFAULT=@{HOME}/share/
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Silly examples of escaped variables, just to show how they work\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ DOLLAR DEFAULT=\e$
+ DOLLARDOLLAR DEFAULT= OVERRIDE=\e$${DOLLAR}
+ DOLLARPLUS DEFAULT=\e${REMOTEHOST}${REMOTEHOST}
+ ATSIGN DEFAULT="" OVERRIDE=\e@
+
+.fi
+.if n \{\
+.RE
+.\}
+.SH "SEE ALSO"
+.PP
+\fBpam_env\fR(8),
+\fBpam.d\fR(5),
+\fBpam\fR(8),
+\fBenviron\fR(7)
+.SH "AUTHOR"
+.PP
+pam_env was written by Dave Kinchlea <kinch@kinch\&.ark\&.com>\&.
diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml
new file mode 100644
index 0000000..fca046f
--- /dev/null
+++ b/modules/pam_env/pam_env.conf.5.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_env.conf">
+
+ <refmeta>
+ <refentrytitle>pam_env.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>pam_env.conf</refname>
+ <refname>environment</refname>
+ <refpurpose>the environment variables config files</refpurpose>
+ </refnamediv>
+
+
+ <refsect1 id='pam_env.conf-description'>
+ <title>DESCRIPTION</title>
+
+ <para>
+ The <filename>/etc/security/pam_env.conf</filename> file specifies
+ the environment variables to be set, unset or modified by
+ <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ When someone logs in, this file is read and the environment
+ variables are set according.
+ </para>
+ <para>
+ Each line starts with the variable name, there are then two possible
+ options for each variable DEFAULT and OVERRIDE. DEFAULT allows an
+ administrator to set the value of the variable to some default
+ value, if none is supplied then the empty string is assumed. The
+ OVERRIDE option tells pam_env that it should enter in its value
+ (overriding the default value) if there is one to use. OVERRIDE is
+ not used, "" is assumed and no override will be done.
+ </para>
+ <para>
+ <replaceable>VARIABLE</replaceable>
+ [<replaceable>DEFAULT=[value]</replaceable>]
+ [<replaceable>OVERRIDE=[value]</replaceable>]
+ </para>
+
+ <para>
+ (Possibly non-existent) environment variables may be used in values
+ using the ${string} syntax and (possibly non-existent) PAM_ITEMs as well
+ as HOME and SHELL may be used in values using the @{string} syntax. Both
+ the $ and @ characters can be backslash escaped to be used as literal values
+ values can be delimited with "", escaped " not supported.
+ Note that many environment variables that you would like to use
+ may not be set by the time the module is called.
+ For example, ${HOME} is used below several times, but
+ many PAM applications don't make it available by the time you need it.
+ The special variables @{HOME} and @{SHELL} are expanded to the values
+ for the user from his <emphasis>passwd</emphasis> entry.
+ </para>
+
+ <para>
+ The "<emphasis>#</emphasis>" character at start of line (no space
+ at front) can be used to mark this line as a comment line.
+ </para>
+
+ <para>
+ The <filename>/etc/environment</filename> file specifies
+ the environment variables to be set. The file must consist of simple
+ <emphasis>NAME=VALUE</emphasis> pairs on separate lines.
+ The <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ module will read the file after the <filename>pam_env.conf</filename>
+ file.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_env.conf-examples">
+ <title>EXAMPLES</title>
+ <para>
+ These are some example lines which might be specified in
+ <filename>/etc/security/pam_env.conf</filename>.
+ </para>
+
+ <para>
+ Set the REMOTEHOST variable for any hosts that are remote, default
+ to "localhost" rather than not being set at all
+ </para>
+ <programlisting>
+ REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+ </programlisting>
+
+ <para>
+ Set the DISPLAY variable if it seems reasonable
+ </para>
+ <programlisting>
+ DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+ </programlisting>
+
+ <para>
+ Now some simple variables
+ </para>
+ <programlisting>
+ PAGER DEFAULT=less
+ MANPAGER DEFAULT=less
+ LESS DEFAULT="M q e h15 z23 b80"
+ NNTPSERVER DEFAULT=localhost
+ PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
+ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+ XDG_DATA_HOME DEFAULT=@{HOME}/share/
+ </programlisting>
+
+ <para>
+ Silly examples of escaped variables, just to show how they work.
+ </para>
+ <programlisting>
+ DOLLAR DEFAULT=\$
+ DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
+ DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
+ ATSIGN DEFAULT="" OVERRIDE=\@
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="pam_env.conf-see_also">
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_env.conf-author">
+ <title>AUTHOR</title>
+ <para>
+ pam_env was written by Dave Kinchlea &lt;kinch@kinch.ark.com&gt;.
+ </para>
+ </refsect1>
+</refentry>
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-20 11:08:38 +0000