Re: Ideal place to set environment variables

[Greg Wooledge <wooledg@eeg.ccf.org>]

On Fri, Mar 30, 2018 at 10:09:48AM -0700, Don Armstrong wrote:
> On Fri, 30 Mar 2018, Greg Wooledge wrote:
> > I have an extremely simple real-world litmus test which every system
> > I've ever seen so far has failed:
> > 
> >   How do I set MAIL=$HOME/Maildir/ in the login environment of every
> >   user, regardless of their shell, or how they log in (console, ssh,
> >   X Display Manager, GNOME Display Manager, etc.)?
> > 
> > That's it.  Simple, right?  But login.conf can't do it.  And pam_env.so
> > can't do it.  They only allow static strings with no substitutions.
> 
> pam_env.so can do substitutions, like:
> 
> MAIL DEFAULT=${HOME}/Maildir
> 
> Though that assumes that HOME was actually set (probably not) at the
> time that pam_env fires.

OK.  Interesting.  Either this stuff was added after I had already given
up on it (many years ago), or I simply failed to find it back then.

The syntax Don is showing here is *NOT* usable in /etc/environment
but rather in a totally separate file called /etc/security/pam_env.conf
which is documented in "man pam_env.conf" (not in "man pam_env").

/etc/environment continues to be as useless as ever.

P.S. pam_env.conf(5) shows examples using ${HOME} so one would assume
that $HOME is available at that point.  I haven't tested yet.

> In this case, you likely really want pam_mail, and something like:
> 
> session optional pam_mail.so dir=~/Maildir nopen

... so, someone was so frustrated by pam_env not being useful that
they wrote an entire separate PAM module just to set one variable.
Wow.

(OK, it also checks for new mail and displays a stupid message, but
your shell already does that, so nobody would ever want PAM to do it
too.  Probably.)