Re: Where is the documentation for /etc/environment?

From: Alban Browaeys (prahal_at_yahoo.com)
Date: 01/29/05

  • Next message: gerhard: "How to close an open relay (exim3)?" 
    To: debian-user@lists.debian.org
Date: Sat, 29 Jan 2005 11:41:18 +0000 (UTC)

    Stephen Rueger <stephen.rueger <at> rechnerpost.org> writes:

    > Linux-PAM sysadmin guide, in /usr/share/doc/libpam-doc/ in the section
    > "Set/unset environment variables".

    That s a good start.

    But no there is no debian documentation/policy about environment/profile.
    In fact there is a "war" between maintenair about who set what (only for the
    PATH variable as far as i know).
    Thus you cannot set the PATH var in /etc/environment and expect it to be used
     by all apps (shells, cron dameon, gdm , ... overwrite it all the time).

    /etc/environment is used by all applications. It is not a shell script
    (not like /etc/profile where you can use export, alias, etc). You can
     only set key pair values like:
    LANG=fr_FR.UTF-8@euro
    NNTPSERVER=localhost

    If your application use pam check that its /etc/pam.d script have a pam_env rule:

    /etc/pam.d/ssh

    # PAM configuration for the Secure Shell service

    # Read environment variables from /etc/environment and
    # /etc/security/pam_env.conf.
    auth required pam_env.so # [1]

    # Standard Un*x authentication.
    @include common-auth

    # Standard Un*x authorization.
    @include common-account

    # Standard Un*x session setup and teardown.
    @include common-session

    # Print the message of the day upon successful login.
    session optional pam_motd.so # [1]

    # Print the status of the user's mailbox upon successful login.
    session optional pam_mail.so standard noenv # [1]

    # Set up user limits from /etc/security/limits.conf.
    session required pam_limits.so

    # Standard Un*x password updating.
    @include common-password

    As told there the pam_env module not only export the variables you setted in
    /etc/security/pam_env.conf but also those in /etc/environment. All applications
    are supposed to read /etc/environment anyway.
    http://publib.boulder.ibm.com/infocenter/pseries/topic/com.ibm.aix.doc/fil
    es/aixfiles/environment.htm
    gives an idea of how things work on unix. as i told the PATH part is wrong on
    debian.

    A few real examples:

    - console login with bash as the default shell:
    1) /etc/login.defs
    2) pam_env : /etc/environment then /etc/security/pam_env.conf
    3) /etc/profile
    then ~/.bash_profile or if it does not exists ~/.profile

    - xdm,gdm,kdm (maybe others too):
    1) pam_env : ...
    2) /etc/X11/xdm/{../Xsession|Xstartup} scripts
    /etc/gdm/{Xsession|PreSession/Default|PostSession/Default} scripts ,
    /etc/kde3/kdm/{Xsession, ....}, only touch PATH and sometimes LANG if not
    already defined.
    3) ~/.dmrc : default session and lang if choosen in the login manager
    4) /etc/X11/Xsession.d/ scripts : like /etc/profile and ~/.profile for bash. You
    should add your own script there.

    - ssh with a bash shell:
    1) pam_env
    2) /etc/profile and ~/.bash_profile (xor ~/.profile).

    To sum up /etc/environment is great to set variables like the news server, the
    proxy and other things that no scripts used to care about.
    For lang and things like JAVA_HOME, you should clean all your bash specific
    tweaks in /etc/profile to be able to change the setting from /etc/environment
    and forget about it.
    For PATH it is useless, every daemon/shell/X11 login manager redefine PATH
    afterwards. (i am looking after the day when a pam_path session module will
    exists !)

    The last thing is that its a standard for all unix applications. There is no
    other file for that.

    Cheers
    Alban 

    -- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: gerhard: "How to close an open relay (exim3)?"

    Relevant Pages

    • Re: Root Password No Longer Works in KDE
      ... @include common-auth ... # Standard Un*x authentication. ... # Standard Un*x session setup and teardown. ... # Print the message of the day upon successful login. ...
      (Debian-User)
    • Re: Please! Doesnt anyone know a better way to do this?
      ... account, they need to automatically be directed to the page to enter data ... session variable on the Account page. ... I assume here that you're checking a database when the user attempts to ... When a new user attempts to login or clicks to register, ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: nooB PhP login using MySQL
      ... This PC has MySQL and IIS configured and running. ... how do I prevent users from bypassing the login? ... create a random string and store in session on server, ... euphemism for md5) but now that there are secure ways, ...
      (comp.lang.php)
    • Re: nooB PhP login using MySQL
      ... This PC has MySQL and IIS configured and running. ... how do I prevent users from bypassing the login? ... create a random string and store in session on server, ... euphemism for md5) but now that there are secure ways, ...
      (comp.lang.php)
    • Re: why a session-based program behaves different on different computers
      ... But if you lose the session you lose ... now, pray-tell, HOW IS THE DATA LOST? ... IF THERE IS NO LOGIN, HOW DO YOU DETERMINE WHICH ROW IT IS? ... let's stick to the architecture for a moment then. ...
      (comp.lang.php)