Re: Systemd user environment variables not picked up for me

To: debian-user@lists.debian.org
Subject: Re: Systemd user environment variables not picked up for me
From: Greg Wooledge <wooledg@eeg.ccf.org>
Date: Tue, 30 Jun 2020 08:06:13 -0400
Message-id: <[🔎] 20200630120613.GA22833@eeg.ccf.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] MB2rEgL--3-2@tuta.io>
References: <[🔎] 20200629093009.GA14601@grumpel.local> <[🔎] MB-eQPs--N-2@tuta.io> <[🔎] 20200629155245.GW22833@eeg.ccf.org> <[🔎] MB2rEgL--3-2@tuta.io>

On Tue, Jun 30, 2020 at 08:14:41AM +0200, l0f4r0@tuta.io wrote:
> It seems you can reconstruct those "early" variables like the following:
> HOME=/home/@{PAM_USER}
> 
> Or use @{HOME} directly since PAM 1.2.0.
> 
> Source: https://unix.stackexchange.com/questions/258246/why-does-pam-environment-not-include-home-in-my-new-path

Huh... interesting stuff.  Apparently I haven't been reading the
correct man pages, to start with.

None of this stuff is mentioned *at all* in pam_env(7).  The only thing
you can find there is "SEE ALSO  pam_env.conf(5)".

pam_env.conf(5) is far more interesting, especially this paragraph:

       The /etc/environment file specifies the environment variables to be
       set. The file must consist of simple NAME=VALUE pairs on separate
       lines. The pam_env(8) module will read the file after the pam_env.conf
       file.

So... wait, there are *two* config files, and they're *completely
different*?!  Jesus.

Taking your comments, plus the linked web page, plus the pam_env.conf(5)
man page, plus the commentary in the /etc/security/pam_env.conf file, I
performed the following experiment:

First, I added two lines to the end of /etc/security/pam_env.conf:

TEST1		DEFAULT=${HOME}/foo
TEST2		DEFAULT=@{HOME}/foo

Then I opened a new terminal window, and ran "su - greg" inside it.

unicorn:~$ su - greg
Password: 
unicorn:~$ env | grep TEST
TEST2=/home/greg/foo
TEST1=/foo

Huh.  It actually *worked*.  Astonishing.

I feel like the /etc/environment file needs some comments in it saying
"This is a useless legacy file; if you actually want to add environment
variables to user logins, see pam_env.conf(5) and put your changes in
/etc/security/pam_env.conf instead."  But then again, that would probably
be treated as live code rather than a comment, and something would
explode.

And then /etc/security/pam_env.conf needs comments that say "Use @{HOME}
instead of ${HOME}."  That can either replace or augment the current
comment that says "For example, HOME is used below several times, but
many PAM applications don't make it available by the time you need it."

Of course, none of this will actually happen, because it is Upstream
Documentation, and Debian won't want to touch it.

Reply to:

References:
- Systemd user environment variables not picked up for me
  - From: Thomas Pircher <thp+debian@p5r.uk>
- Re: Systemd user environment variables not picked up for me
  - From: l0f4r0@tuta.io
- Re: Systemd user environment variables not picked up for me
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: Systemd user environment variables not picked up for me
  - From: l0f4r0@tuta.io

Prev by Date: Re: update-alternatives - was [Re: Installing/launching MATE in a command line environment]
Next by Date: Re: Newbie
Previous by thread: Re: Systemd user environment variables not picked up for me
Next by thread: Cannot get systemd to forget about swap space on a failed disk
Index(es):
- Date
- Thread