On Fri, Mar 30, 2018 at 10:09:48AM -0700, Don Armstrong wrote:
> On Fri, 30 Mar 2018, Greg Wooledge wrote:
> > I have an extremely simple real-world litmus test which every system
> > I've ever seen so far has failed:
> >
> > How do I set MAIL=$HOME/Maildir/ in the login environment of every
> > user, regardless of their shell, or how they log in (console, ssh,
> > X Display Manager, GNOME Display Manager, etc.)?
> >
> > That's it. Simple, right? But login.conf can't do it. And pam_env.so
> > can't do it. They only allow static strings with no substitutions.
>
> pam_env.so can do substitutions, like:
>
> MAIL DEFAULT=${HOME}/Maildir
>
> Though that assumes that HOME was actually set (probably not) at the
> time that pam_env fires.
OK. Interesting. Either this stuff was added after I had already given
up on it (many years ago), or I simply failed to find it back then.
The syntax Don is showing here is *NOT* usable in /etc/environment
but rather in a totally separate file called /etc/security/pam_env.conf
which is documented in "man pam_env.conf" (not in "man pam_env").
/etc/environment continues to be as useless as ever.
P.S. pam_env.conf(5) shows examples using ${HOME} so one would assume
that $HOME is available at that point. I haven't tested yet.
> In this case, you likely really want pam_mail, and something like:
>
> session optional pam_mail.so dir=~/Maildir nopen
... so, someone was so frustrated by pam_env not being useful that
they wrote an entire separate PAM module just to set one variable.
Wow.
(OK, it also checks for new mail and displays a stupid message, but
your shell already does that, so nobody would ever want PAM to do it
too. Probably.)
