PAM_ENV.CONF(5) Linux-PAM Manual PAM_ENV.CONF(5)
NAME
pam_env.conf, environment - the environment variables config files
DESCRIPTION
The /etc/security/pam_env.conf file specifies the environment variables
to be set, unset or modified by pam_env(8). When someone logs in, this
file is read and the environment variables are set according.
Each line starts with the variable name, there are then two possible
options for each variable DEFAULT and OVERRIDE. DEFAULT allows an
administrator to set the value of the variable to some default value, if
none is supplied then the empty string is assumed. The OVERRIDE option
tells pam_env that it should enter in its value (overriding the default
value) if there is one to use. When OVERRIDE is not used, "" is assumed
and no override will be done.
VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
(Possibly non-existent) environment variables may be used in values
using the ${string} syntax and (possibly non-existent) PAM_ITEMs as well
as HOME and SHELL may be used in values using the @{string} syntax. Both
the $ and @ characters can be backslash escaped to be used as literal
values values can be delimited with "", escaped " not supported. Note
that many environment variables that you would like to use may not be
set by the time the module is called. For example, ${HOME} is used below
several times, but many PAM applications don't make it available by the
time you need it. The special variables @{HOME} and @{SHELL} are
expanded to the values for the user from the corresponding passwd entry.
The "#" character at start of line (no space at front) can be used to
mark this line as a comment line.
The /etc/environment file specifies the environment variables to be set.
The file must consist of simple NAME=VALUE pairs on separate lines. The
pam_env(8) module will read the file after the pam_env.conf file.
EXAMPLES
These are some example lines which might be specified in
/etc/security/pam_env.conf.
Set the REMOTEHOST variable for any hosts that are remote, default to
"localhost" rather than not being set at all
REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
Set the DISPLAY variable if it seems reasonable
DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
Now some simple variables
PAGER DEFAULT=less
MANPAGER DEFAULT=less
LESS DEFAULT="M q e h15 z23 b80"
NNTPSERVER DEFAULT=localhost
PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
XDG_DATA_HOME DEFAULT=@{HOME}/share/
Silly examples of escaped variables, just to show how they work.
DOLLAR DEFAULT=\$
DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
ATSIGN DEFAULT="" OVERRIDE=\@
SEE ALSO
pam_env(8), pam.d(5), pam(7), environ(7)
AUTHOR
pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>.
Linux-PAM 06/29/2025 PAM_ENV.CONF(5)
Generated by dwww version 1.16 on Tue Dec 16 01:11:57 CET 2025.