Hi, > Isn't pam_env supposed to allow setting vars in setting up > a user's first login session? It can, but it has a few problems 1) the file format is kind of weird 2) not all distros set user_readenv=1 so users cant set the environment variables they want 3) pam_env doesn't provide a facility for 3rd party applications to adjust the environment 4) PAM modules run in the context of a user but as root. Having a bunch of independent plugins all running as root, and not necessarily integrating with each other is a recipe for security problems, especially if you throw environment variables into the mix. (if pam_env is erroneously in the session stack before a pam_exec call, the user could easily get root access) This topic was discussed a bit in the cited systemd pull request, I think. --Ray -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
