pam_getenv
Set environment variables during authentication
SYNOPSIS
session required pam_getenv.so [config=file] [debug]
PARAMETERS
config=file
Specify the configuration file path.
The default is /etc/security/pam_getenv.conf
debug
Enable debug logging to syslog.
DESCRIPTION
The pam_getenv PAM module allows setting environment variables based on a predefined configuration.
It reads variables from a configuration file and sets them within the PAM session, making them available to the user's processes.
This is useful for providing specific environments tailored to users or applications without modifying system-wide settings.
The module works during session management, specifically on session opening (session required) and closing (session optional).
The environment variables are read from the /etc/security/pam_getenv.conf file by default and applied to the user's session. The configuration file allows to specify the variable name and the variable value. Variable values can be static strings or can reference existing environment variables.
Variables can be added, modified, or removed as needed and the configuration file is evaluated each time a new session is started.This module provides a central managed and consistent way of managing environment variables across different applications.
CAVEATS
Changes to the /etc/security/pam_getenv.conf file will only take effect for new sessions. Existing sessions will not be affected until the user logs out and logs back in.
CONFIGURATION FILE FORMAT
The configuration file (/etc/security/pam_getenv.conf by default) consists of lines in the format:
VARIABLE=VALUE or VARIABLE=VALUE=$OTHER_VARIABLE.
Comments are supported using the # character at the beginning of the line.
SECURITY CONSIDERATIONS
Ensure that the configuration file is properly secured (owned by root and readable only by root) to prevent unauthorized modification of environment variables. Use with caution when referencing user-supplied environment variables as values.
HISTORY
The pam_getenv module was developed to provide a flexible way to manage environment variables within PAM sessions.
It has been included in many Linux distributions for session management and configuration purposes.
The module design is stable and focused on ease of configuration.