New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pam_env: read config from .config or XDG_CONFIG_HOME #7
Comments
Chicken-or-egg question: Where are |
@ayekat You can use /etc/security/pam_env.conf to set them for all users.
With suggested change user can override those with:
Implementation of this change allows setting user variables from the same directory where user config files are located and if |
This assumes that a user wants to use the same values as the system administrator, but what happens if that is not the case? E.g. the sysadmin might set it to |
@ayekat I don't assume user can't figure out if environment variables work on another such system. If you want to keep using |
I don't doubt that. But that was not my point at all.
So in order to profit from this change, a user must
Allow me to make the claim that such a type of user is quite a rare sight (especially since points 2 and 3 somehow contradict). To clarify, I don't oppose this change (but only because you say that |
I want to properly manage and backup my config files and have them in a standardized place. That's why they shouldn't be spread all over the home directory, but placed in the location specified by the XDG spec so that they can be added to a VCS without having to manage a raft of exclude rules. So I would like pam_env to follow standards because:
|
It would really be great to get this issue resolved. |
Hello, I don't agree with arguments against implementing XDG basedir spec into linux-pam. Basically there are scenarios where this solution will not be useful, that's true. But this isn't about whether it will be commonly used, but the possibility of a user to do so. There is a lot of discussion going about hardcoded paths and disability to control where the user-specific data is stored among most of the widely used software and since there is a pretty good standard developed and used, it should be (and often is) respected. Personally, (and I am speaking from sysadmin perspective) I can relate to one problem.
At last, as @soc said 3 years ago, I want to properly manage and backup my config files and have them in a standardized place. So do other people. Why not just let them. |
The user environment support in pam_env should be removed completely at some point. @ldv-alt what is your opinion? |
On Wed, Nov 04, 2020 at 12:47:11AM -0800, Tomáš Mráz wrote:
The user environment support in pam_env should be removed completely at some point.
I agree.
|
May I ask you guys to reconsider this? I believe that using If you guys really do remove it, it's implied that some setups will break, but regardless, I believe it would make sense to provide some other good alternative for it. |
There is also systemd's environment.d, but based on what I've seen so far, it has two issues:
So while in my comments above I voiced concerns about adopting the XDG basedir spec in PAM for the user environment file, this was only because of that bootstrapping issue. But that is simultaneously also the reason why I'm a bit concerned about user environments having been disabled by default recently, and now the intention to remove this entirely: What is the reasonable alternative for users to set their environment variables for their session in a clean way? Currently, I only see |
The problem is pam is being run as root and that is really a recipe for security issues if you source user owned file from there and adjust environment variables based on it. It should be really a new standardized mechanism that is run with the user credentials after the fork from the login/display manager before the user shell/display environment is started. |
BTW, |
fish shell for example does not read |
Dropping support for setting user envs feels like throwing out the baby with the bathwater – but in the end, at the most fundamental level, the bootstrapping issue remains: A proper way of dealing with the bootstrap issue would be to specify the "bootstrap path" in a new column in Moving things from |
Then a different universal mechanism has to be proposed and implemented. |
Makes sense, will be happy to review your proposal! |
Follows XDG Base Directory Specification
https://specifications.freedesktop.org/basedir-spec/latest/
Suggestions:
Here is pseudo-patch (bottom is especially horrible):
The text was updated successfully, but these errors were encountered: