llua wrote:
On 04/02/2013 02:34 PM, Linda Walsh wrote:
Startup files don't set them. pam_env.so sets them.
To be a little bit more correct, pam_env.so doesn't set them either but after su completes, /etc/profile is re-read.
Not unless it is a acting as a login shell (if '-' or '-l' was specified. Otherwise it's to act like a normal instance of a new shell -- as if you typed 'bash'. That's mostly fine, since my bashrc_local is run after bashrc and configures specifics for my system. Really. pam_env DOES set them:
From my pam_env.conf: # # First, some special variables # # Set the REMOTEHOST variable for any hosts that are remote, default # to "localhost" rather than not being set at all #REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} REMOTEHOST DEFAULT="" OVERRIDE=@{PAM_RHOST} # # Set the DISPLAY variable if it seems reasonable DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
That's the only place they are set because only your initial log authorization to the system has the remote-host value for PAM to propagate into your environment. Since 'sudo' is not something used to log into the system from another system, it should never be tampering with REMOTEHOST/DISPLAY. Only programs guarding initial authorization to access the machine know where you are logging in *from*. They are responsible for setting REMOTEHOST/DISPLAY if needed, which are propagated into the environment. Removing those in the middle of a login session can have your program displays come upon another terminal or display in front of someone else.... i.e. its a potential data privacy issue and by extension, a security issue. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org