Hello, I'm trying to set some environment variables via $HOME/.pam_environment on my F27 system. I understand that the feature is disabled by default on Fedora so I tried to add the following line to `/etc/pam.d/login` : ``` session required pam_env.so user_readenv=1 ``` However, even with this line, ~/.pam_environment is still ignored.

I directly login from a tty and don't use a DM : I guess /etc/pam.d/login is fine ? I will try with debugging enabled. Thanks! PS: I missed the reply list button the first time, sorry ! On 21/11/17 14:39, Berend De Schouwer wrote: > On Tue, 2017-11-21 at 14:15 +0100, Timothée Floure wrote: >> Hello, >> >> I'm trying to set some environment variables via >> $HOME/.pam_environment >> on my F27 system. I understand that the feature is disabled by >> default >> on Fedora so I tried to add the following line to `/etc/pam.d/login` >> : >> >> ``` >> session required pam_env.so user_readenv=1 >> ``` >> >> However, even with this line, ~/.pam_environment is still ignored. > > /etc/pam.d/login is for /bin/login (vty, telnet, and friends.) sshd > will use /etc/pam.d/sshd and gdm should use /etc/pam.d/gdm. > > I'd also suggest adding 'debug' to see if the module is being executed > at all. > > > > _______________________________________________ > users mailing list -- users(a)lists.fedoraproject.org > To unsubscribe send an email to users-leave(a)lists.fedoraproject.org > _______________________________________________ users mailing list -- users(a)lists.fedoraproject.org To unsubscribe send an email to users-leave(a)lists.fedoraproject.org

On 11/21/2017 10:36 AM, Timothée Floure wrote: > Ahah ! The culprit is SELinux ! > > I can easily set SELinux to permissive, but it's not a proper solution. > What would be the best fix ? Should I set a specific flag [0] to my > ~/.pam_environment or is there a better way to handle this with pam ? > > [0] I'm not familiar with SELinux Can you provide the actual AVC denial message from SELinux regarding this? My guess is that if you created the ~/.pam_environment file, the SELinux context is incorrect on the file. The AVC message would give the answer. > On 21/11/17 14:47, Timothée Floure wrote: >> I directly login from a tty and don't use a DM : I guess >> /etc/pam.d/login is fine ? I will try with debugging enabled. >> >> Thanks! >> >> PS: I missed the reply list button the first time, sorry ! >> >> On 21/11/17 14:39, Berend De Schouwer wrote: >>> On Tue, 2017-11-21 at 14:15 +0100, Timothée Floure wrote: >>>> Hello, >>>> >>>> I'm trying to set some environment variables via >>>> $HOME/.pam_environment >>>> on my F27 system. I understand that the feature is disabled by >>>> default >>>> on Fedora so I tried to add the following line to `/etc/pam.d/login` >>>> : >>>> >>>> ``` >>>> session required pam_env.so user_readenv=1 >>>> ``` >>>> >>>> However, even with this line, ~/.pam_environment is still ignored. >>> >>> /etc/pam.d/login is for /bin/login (vty, telnet, and friends.) sshd >>> will use /etc/pam.d/sshd and gdm should use /etc/pam.d/gdm. >>> >>> I'd also suggest adding 'debug' to see if the module is being executed >>> at all. >>> >>> >>> >>> _______________________________________________ >>> users mailing list -- users(a)lists.fedoraproject.org >>> To unsubscribe send an email to users-leave(a)lists.fedoraproject.org >>> >> >> >> >> _______________________________________________ >> users mailing list -- users(a)lists.fedoraproject.org >> To unsubscribe send an email to users-leave(a)lists.fedoraproject.org >> > > > > _______________________________________________ > users mailing list -- users(a)lists.fedoraproject.org > To unsubscribe send an email to users-leave(a)lists.fedoraproject.org >