FS#33231 - [filesystem][pam][pambase] consider using pam_env to source locale.conf

Attached to Project: Arch Linux
Opened by Daniel Micay (thestinger) - Friday, 28 December 2012, 20:20 GMT
Last edited by Dave Reisner (falconindy) - Saturday, 25 October 2014, 17:01 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Tobias Powalowski (tpowa)
Tom Gundersen (tomegun)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 4
Private No

Details

Right now, /etc/profile.d/locale.sh is used to source /etc/locale.conf and export the variables in bourne-compatible login shells. This mostly works, but not all logins spawn a login shell (many display managers) and not everyone uses bash or zsh.

The syntax of locale.conf is simple enough that pam_env is enough to source it, so it could be done in the pam configuration instead. This would be a lot simpler (1 line instead of a script), and more general.

The pam_env man page has the details on what needs to be done (a line like 'session required pam_env.so envfile=/etc/locale.conf'.

This wouldn't be usable for $XDG_CONFIG_HOME/locale.conf, but AFAIK that's an Arch Linux specific extension and you can set the same stuff in ~/.pam_environment. The usefulness of /etc/locale.conf is that systemd uses it too. User sessions will always be within a pam session.

This is from Debian (where systemd got this convention):

$ grep -R pam_env.so /etc/pam.d/
/etc/pam.d/sshd:auth required pam_env.so # [1]
/etc/pam.d/sshd:auth required pam_env.so envfile=/etc/default/locale
/etc/pam.d/cron:session required pam_env.so
/etc/pam.d/cron:session required pam_env.so envfile=/etc/default/locale
/etc/pam.d/su:session required pam_env.so readenv=1
/etc/pam.d/su:session required pam_env.so readenv=1 envfile=/etc/default/locale
/etc/pam.d/login:session required pam_env.so readenv=1
/etc/pam.d/login:session required pam_env.so readenv=1 envfile=/etc/default/locale
This task depends upon

Closed by  Dave Reisner (falconindy)
Saturday, 25 October 2014, 17:01 GMT
Reason for closing:  Won't fix
Additional comments about closing:  This ought to be chased up with systemd upstream for locale settings. Curious users can implement this locally, if they need/want it.
Comment by Daniel Micay (thestinger) - Friday, 28 December 2012, 20:25 GMT
Another example of a case with no login shell is a systemd user session. That's where things are going so it would be good to get this fixed early.
Comment by Tom Gundersen (tomegun) - Monday, 31 December 2012, 11:11 GMT
The semantics of $XDG_CONFIG_HOME/locale.conf is that if the user-specific file exists the system-wide config is ignored completely (even if the user-specific one is empty). I don't think we can get pam to do this for us.

I agree that our current script is not ideal, so a better way would be to implement it in systemd (similarly to how the system-wide stuff is done). I have been meaning to push some patches to do it, but never got around to finish them up.
Comment by Tom Gundersen (tomegun) - Wednesday, 02 January 2013, 21:29 GMT
@thestinger: would this cover your usecase: http://lists.freedesktop.org/archives/systemd-devel/2013-January/007908.html ?
Comment by Daniel Micay (thestinger) - Wednesday, 02 January 2013, 21:40 GMT
@tomegun: yeah, that would be perfect :)
Comment by runiq (runiq) - Friday, 06 December 2013, 07:46 GMT
Has there been any progress on this since the last message?

Edit: Disregard that, I missed the relevant commit to systemd by Tom.

Loading...