Bug#993459: openssh-server: sshd's PAM configuration doesn't set $MAIL
Package: openssh-server
Version: 1:8.4p1-5
Severity: normal
Dear Maintainer,
After upgrading from Buster to Bullseye, I've noticed that $MAIL
variable is not set when one logs in via ssh, but is set when one logs
in on TTY. I don't think it was an intended behaviour.
I've looked through the possible places where it could be set and found
out that it was previously set in /etc/login.defs, but now is governed
by PAM.
Further investigation showed that PAM configuration for sshd which resides
in /etc/pam.d/sshd has the line
session optional pam_mail.so standard noenv # [1]
I've changed it to
session optional pam_mail.so standard # [1]
and now the $MAIL is set again.
Searching for the reason to set `noenv' there led me to this bug in BTS:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=58429
In this bug it was reported that there were multiple non-informative
entries in auth.log if `noenv` was not enabled, but the bug was filed
more than 20 years ago, so I've checked if it is still the case.
Apparently it is not, the only new lines in auth.log are
Sep 1 19:42:14 laptop sshd[28790]: Accepted publickey for sqrt from 127.0.0.1 port 50194 ssh2: RSA SHA256:oCn47IKkSvC9WS1aUl52hD0UYsVtDT80s9pFDETWac0
Sep 1 19:42:14 laptop sshd[28790]: pam_unix(sshd:session): session opened for user sqrt(uid=1000) by (uid=0)
So I suggest we revert this `noenv' option as the reason for its
existing is gone and it causes problems like the one I'm filing this bug
about.
Thanks in advance!
-- System Information:
Debian Release: 11.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 5.10.0-8-686 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages openssh-server depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.77
ii dpkg 1.20.9
ii libaudit1 1:3.0-2
ii libc6 2.31-13
ii libcom-err2 1.46.2-2
ii libcrypt1 1:4.4.18-4
ii libgssapi-krb5-2 1.18.3-6
ii libkrb5-3 1.18.3-6
ii libpam-modules 1.4.0-9
ii libpam-runtime 1.4.0-9
ii libpam0g 1.4.0-9
ii libselinux1 3.1-3
ii libssl1.1 1.1.1k-1
ii libsystemd0 247.3-6
ii libwrap0 7.6.q-31
ii lsb-base 11.1.0
ii openssh-client 1:8.4p1-5
ii openssh-sftp-server 1:8.4p1-5
ii procps 2:3.3.17-5
ii runit-helper 2.10.3
ii ucf 3.0043
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages openssh-server recommends:
pn default-logind | logind | libpam-systemd <none>
pn ncurses-term <none>
ii xauth 1:1.1-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn ssh-askpass <none>
pn ufw <none>
-- Configuration Files:
/etc/pam.d/sshd changed:
@include common-auth
account required pam_nologin.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
@include common-session
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
session optional pam_mail.so standard # [1]
session required pam_limits.so
session required pam_env.so # [1]
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common-password
-- debconf-show failed
Reply to: