On Thu, 2022-04-07 at 05:59 +0200, Christoph Anton Mitterer wrote:
> You've set wontfix on #672793 some longer time ago, but AFAIU, this was
> because of some user's request to have lightdm source .profile (which
> is IMO indeed plain wrong).

Indeed.

> Later on #784158 was forcemerged with these... (and thus also marked
> wontfix).
>
> Why so?

Because (I guess) the original #784158 message was about .profile as well.

> #784158 is a completely different request, namely to modify lightdm's
> PAM config to allow users to have an env file parsed.

That happened later in the bug log and I might have missed it indeed.

> May I split these up again?

You can, but to be honest I'm unsure (and reluctant) about changing PAM
configuration. I'd like to avoid breaking stuff in the authentication path so
having a review of how correct these changes are would be nice.

The bug asks for adding:

> auth required pam_env.so user_readenv=1

to /etc/pam.d/login. I don't think 'auth' is the correct place since pam.d(5)
says:

> auth
> this module type provides two aspects of authenticating the user.
> Firstly, it establishes that the user is who they claim to be, by
> instructing the application to prompt the user for a password or
> other means of identification. Secondly, the module can grant group
> membership or other privileges through its credential granting
> properties.

I guess it'd fit more in:

> session
> this module type is associated with doing things that need to be
> done for the user before/after they can be given service. Such
> things include the logging of information concerning the
> opening/closing of some data exchange with a user, mounting
> directories, etc.

And the file already contains:

> # Load environment from /etc/environment and ~/.pam_environment
> session required pam_env.so readenv=1
> session required pam_env.so readenv=1 envfile=/etc/default/locale

So it'd be a matter of adding user_readenv=1. But to be honest, the PAM
modifications for lightdm come from gdm3 package and I'm again reluctant to
deviate from that, and GDM3 doesn't set user_readenv.

Finally, the PAM configuration file has

> @include common-session

so I guess one could reconfigure pam to include user_readenv or something.

Regards,
-- 
Yves-Alexis
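
An added example, not part of the original message or of the lightdm or Debian packaging: a small Python audit that lists where pam_env.so appears in a PAM service file, which stack (auth or session) it runs in, and whether user_readenv is set explicitly, which is the review the message asks for. The sample input is constructed from the lines quoted in the message; the function and variable names are hypothetical, and backslash line continuations are assumed not to occur.

```python
import os

# Constructed sample: the pam_env lines and @include quoted in the message.
CURRENT_FILE = """\
# Load environment from /etc/environment and ~/.pam_environment
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-session
"""
# Constructed sample: the line the bug report asks to add.
PROPOSED_LINE = "auth required pam_env.so user_readenv=1\n"

MODULE_TYPES = {"auth", "account", "password", "session"}

def pam_env_entries(text):
    """Return (pam_env entries, @include targets) found in PAM config text."""
    entries, includes = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not fields:
            continue
        if fields[0] == "@include":                # Debian-style include
            includes.extend(fields[1:2])
            continue
        mtype = fields[0].lstrip("-")              # "-session" is still session
        if mtype not in MODULE_TYPES:
            continue
        rest = fields[1:]
        if rest and rest[0].startswith("["):       # control like [success=1 default=ignore]
            while rest and not rest[0].endswith("]"):
                rest = rest[1:]
        rest = rest[1:]                            # drop the control field
        if not rest or os.path.basename(rest[0]) != "pam_env.so":
            continue
        opts = dict(arg.partition("=")[::2] for arg in rest[1:])
        entries.append({"line": lineno, "type": mtype, "options": opts,
                        "user_readenv": opts.get("user_readenv")})
    return entries, includes

def findings(text):
    """Human-readable notes for a reviewer of the PAM change."""
    entries, includes = pam_env_entries(text)
    notes = []
    for e in entries:
        if e["type"] != "session":
            notes.append(f"line {e['line']}: pam_env runs in the '{e['type']}' stack")
        if e["user_readenv"] == "1":
            notes.append(f"line {e['line']}: user_readenv=1, per-user env file is read")
    notes += [f"@include {name}: review that file as well" for name in includes]
    return notes

if __name__ == "__main__":
    for note in findings(CURRENT_FILE) + findings(PROPOSED_LINE):
        print(note)
```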