If I log in while my home folder is encrypted with ecryptfs, apparently when pam_env.so tries to load my ~/.pam_environment, it fails because it's not available yet. If I run, for example, su -l in a shell after I log in, my environment variables from there are loaded.
Steps to reproduce
Use the following setting in /etc/nixos/configuration.nix:
security.pam.enableEcryptfs = true;
Encrypt your home folder using ecryptfs-migrate-home.
Put environment variables in the encrypted home folder's ~/.pam_environment.
Other information
This bug seems somewhat common and it is also covered in some stack-exchange threads (1, 2), yet I don't think it's unavoidable. Back when I used Arch Linux, I didn't experience this, perhaps because I strictly followed the Arch Linux Wiki for setting up ecryptfs automount using PAM. Luckily, I have backups of my /etc/ configurations from Arch Linux, and the main difference I can see between NixOS' /etc/pam.d/ and Arch Linux's is that there is no auth required pam_env.so in NixOS' /etc/pam.d/ and there is only session required pam_env.so. I'm pretty sure this is the source of this issue, but I think this should be consulted with the author of services.pam.*.
I'll sum it up to this question:
Why do we use session required pam_env.so and not auth required pam_env.so?
Technical details
system: "x86_64-linux"
host os: Linux 5.1.10, NixOS, 19.09pre182971.a1dd419c1ff (Loris)
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:
Search for maintainers and people that previously touched the related code and @ mention them in a comment.
multi-user?: yes
sandbox: yes
version: nix-env (Nix) 2.2.2
channels(root): "nixos-19.09pre182971.a1dd419c1ff"
channels(user): "nixos-unstable-19.09pre182743.7815c86c104"
nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos
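One way to check a PAM service file for the difference described in the issue, added here as an example that is not part of the original report or of NixOS: it parses service-file text and reports which stacks load pam_env.so and whether the session pam_env.so entry is ordered before pam_ecryptfs.so. Both sample files are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: pam_env.so appears only in the session stack.
SESSION_ONLY = """\
# constructed example, not a real NixOS file
auth     required  pam_unix.so nullok
auth     optional  pam_ecryptfs.so unwrap
account  required  pam_unix.so
session  required  pam_env.so
session  required  pam_unix.so
session  optional  pam_ecryptfs.so unwrap
"""

# Constructed sample: pam_env.so also appears in the auth stack.
WITH_AUTH_ENV = """\
auth     required  pam_unix.so
auth     optional  pam_ecryptfs.so unwrap
auth     required  pam_env.so
-session optional  /lib/security/pam_ecryptfs.so unwrap
session  [success=ok default=ignore] pam_env.so user_readenv=1
"""

# type, control (plain word or [bracketed] form), module path, arguments
LINE = re.compile(
    r"^(-?)(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)(.*)$")

def parse_stack(text):
    """Return [(type, control, module_name)] in file order, skipping comments."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:
            entries.append((m.group(2), m.group(3), m.group(4).rsplit("/", 1)[-1]))
    return entries

def env_report(text):
    """Summarise where pam_env.so sits relative to pam_ecryptfs.so."""
    entries = parse_stack(text)
    def positions(kind, module):
        stack = [m for t, _, m in entries if t == kind]
        return [i for i, m in enumerate(stack) if m == module]
    env_s = positions("session", "pam_env.so")
    ecr_s = positions("session", "pam_ecryptfs.so")
    return {
        "auth_has_pam_env": bool(positions("auth", "pam_env.so")),
        "session_has_pam_env": bool(env_s),
        "session_env_before_ecryptfs":
            bool(env_s and ecr_s and min(env_s) < min(ecr_s)),
    }
```

Passing the contents of a file from /etc/pam.d/ to env_report() gives the same three fields for a real service definition.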