On 11/21/2017 10:36 AM, Timothée Floure wrote: > Ahah ! The culprit is SELinux ! > > I can easily set SELinux to permissive, but it's not a proper solution. > What would be the best fix ? Should I set a specific flag [0] to my > ~/.pam_environment or is there a better way to handle this with pam ? > > [0] I'm not familiar with SELinux Can you provide the actual AVC denial message from SELinux regarding this? My guess is that if you created the ~/.pam_environment file, the SELinux context is incorrect on the file. The AVC message would give the answer. > On 21/11/17 14:47, Timothée Floure wrote: >> I directly login from a tty and don't use a DM : I guess >> /etc/pam.d/login is fine ? I will try with debugging enabled. >> >> Thanks! >> >> PS: I missed the reply list button the first time, sorry ! >> >> On 21/11/17 14:39, Berend De Schouwer wrote: >>> On Tue, 2017-11-21 at 14:15 +0100, Timothée Floure wrote: >>>> Hello, >>>> >>>> I'm trying to set some environment variables via >>>> $HOME/.pam_environment >>>> on my F27 system. I understand that the feature is disabled by >>>> default >>>> on Fedora so I tried to add the following line to `/etc/pam.d/login` >>>> : >>>> >>>> ``` >>>> session required pam_env.so user_readenv=1 >>>> ``` >>>> >>>> However, even with this line, ~/.pam_environment is still ignored. >>> >>> /etc/pam.d/login is for /bin/login (vty, telnet, and friends.) sshd >>> will use /etc/pam.d/sshd and gdm should use /etc/pam.d/gdm. >>> >>> I'd also suggest adding 'debug' to see if the module is being executed >>> at all. >>> >>> >>> >>> _______________________________________________ >>> users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx >>> To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx >>> >> >> >> >> _______________________________________________ >> users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx >> To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx >> > > > > _______________________________________________ > users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx > -- ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - "You think that's tough? Try herding cats!" - ---------------------------------------------------------------------- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
