pam_env.conf(5) — Linux manual page


PAM_ENV.CONF(5)               Linux-PAM Manual               PAM_ENV.CONF(5)

NAME         top

       pam_env.conf, environment - the environment variables config files

DESCRIPTION         top

       The /etc/security/pam_env.conf file specifies the environment
       variables to be set, unset or modified by pam_env(8). When someone
       logs in, this file is read and the environment variables are set

       Each line starts with the variable name, there are then two possible
       options for each variable DEFAULT and OVERRIDE. DEFAULT allows and
       administrator to set the value of the variable to some default value,
       if none is supplied then the empty string is assumed. The OVERRIDE
       option tells pam_env that it should enter in its value (overriding
       the default value) if there is one to use. OVERRIDE is not used, ""
       is assumed and no override will be done.

       VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]

       (Possibly non-existent) environment variables may be used in values
       using the ${string} syntax and (possibly non-existent) PAM_ITEMs as
       well as HOME and SHELL may be used in values using the @{string}
       syntax. Both the $ and @ characters can be backslash escaped to be
       used as literal values values can be delimited with "", escaped " not
       supported. Note that many environment variables that you would like
       to use may not be set by the time the module is called. For example,
       ${HOME} is used below several times, but many PAM applications don't
       make it available by the time you need it. The special variables
       @{HOME} and @{SHELL} are expanded to the values for the user from his
       passwd entry.

       The "#" character at start of line (no space at front) can be used to
       mark this line as a comment line.

       The /etc/environment file specifies the environment variables to be
       set. The file must consist of simple NAME=VALUE pairs on separate
       lines. The pam_env(8) module will read the file after the
       pam_env.conf file.

EXAMPLES         top

       These are some example lines which might be specified in

       Set the REMOTEHOST variable for any hosts that are remote, default to
       "localhost" rather than not being set at all

                 REMOTEHOST     DEFAULT=localhost OVERRIDE=@{PAM_RHOST}

       Set the DISPLAY variable if it seems reasonable


       Now some simple variables

                 PAGER          DEFAULT=less
                 MANPAGER       DEFAULT=less
                 LESS           DEFAULT="M q e h15 z23 b80"
                 NNTPSERVER     DEFAULT=localhost
                 PATH           DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
                 XDG_DATA_HOME  @{HOME}/share/

       Silly examples of escaped variables, just to show how they work.

                 DOLLAR         DEFAULT=\$
                 DOLLARDOLLAR   DEFAULT=        OVERRIDE=\$${DOLLAR}
                 ATSIGN         DEFAULT=""      OVERRIDE=\@

SEE ALSO         top

       pam_env(8), pam.d(5), pam(8), environ(7)

AUTHOR         top

       pam_env was written by Dave Kinchlea <>.

COLOPHON         top

       This page is part of the linux-pam (Pluggable Authentication Modules
       for Linux) project.  Information about the project can be found at 
       ⟨⟩.  If you have a bug report for this manual
       page, see ⟨//⟩.  This page was obtained from the
       tarball Linux-PAM-1.3.0.tar.bz2 fetched from
       ⟨⟩ on 2020-11-01.  If you discover
       any rendering problems in this HTML version of the page, or you be‐
       lieve there is a better or more up-to-date source for the page, or
       you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail

Linux-PAM Manual                 04/01/2016                  PAM_ENV.CONF(5)

Pages that refer to this page: pam_env(8)