I was wondering how one is supposed to preserve env variables set when one initially logs into a system (like the same time loginuuid is set). Specifically, ENV vars 'DISPLAY' and 'REMOTEHOST'. I use the 2nd to generate the first and want it to last for the entire time I am logged in. I have been setting it in pam_env, using a similar example. Now I find that some see pam_env as a means to set the environment *per session* -- meaning they call it again during the common-session phase, in addition to the 'auth' phase. This has the tendency to overwrite those variables. I'm told that there's no way to prevent this as if the user clears their env (e.g. 'env -i), and that means it has to be called at the beginning of each session so it can reset env vars (this despite the fact, that I know of no one using such functionality, whereas I had been using it for 'auth' only on initial system entry. I can see the need for a session-based pam_env to generate a new user environment (though right now, in my distro, the ENV is set via shell scripts on initial login). however, if I leave my distro's defaults in place, my display and remote host are overwriten when I do a "sudo su" -- to get a new shell as root. Is there a way to protect those vars, as right now, even though I specify the -m flag to 'su', it seems not to preserve my env when I invoke it via sudo. So how I can limit pam_env's resetting to save and carry forward item's like remotehost and DISPLAY -- OR -- should pam_env only be called during 'auth' and env-init should be left to shell scripting (or putenv)... I'm aware of the comment that says the module should be an AUTH module, but I've been told that was only the initial design and that the manpage and other docs allow for using it to initialize sessions. Ideas or suggestions on how to do this would be great. Thanks! LW _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list