pam_env: Use vendor specific pam_env.conf and environment as fallback

Use the vendor directory as fallback for a distribution provided default config if there is no one in /etc. * Makefile.am: Add libeconf setting. * pam_env.c: Take care about the fallback configuration in the vendor directory. * pam_env.8.xml: Add description for the vendor directory. * pam_env.conf.5.xml: Add description for the vendor directory. * tst-pam_env-retval.c: Add tests for libeconf. * configure.ac: Add ECONF settings for building man pages.
author: Stefan Schubert <schubi@suse.de> 2021-12-03 14:33:20 +0100
committer: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> 2022-12-14 09:29:35 +0100
commit: 6135c45347b6173e305fda66eef138bde693b795 (patch)
tree: c67f2d947b9f9411268efb1f1ae1f611be0bb636 /modules/pam_env/pam_env.8.xml
parent: d71de05146d03c271bd5507724d24d1ad17c2be5 (diff)
download: pam-6135c45347b6173e305fda66eef138bde693b795.tar.gz
pam-6135c45347b6173e305fda66eef138bde693b795.tar.bz2
pam-6135c45347b6173e305fda66eef138bde693b795.zip
1 files changed, 46 insertions, 2 deletions
diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml
index 75ff862b..d7687d6c 100644
--- a/modules/pam_env/pam_env.8.xml
+++ b/modules/pam_env/pam_env.8.xml
@@ -52,13 +52,55 @@
       variables as well as <emphasis>PAM_ITEM</emphasis>s such as
       <emphasis>PAM_RHOST</emphasis>.
     </para>
-    <para>
+    <para condition="with_vendordir_and_with_econf">
+      Rules for (un)setting of variables can be defined in an own config
+      file. The path to this file can be specified with the
+      <emphasis>conffile</emphasis> option.
+      If this file does not exist, the default rules are taken from the
+      config files <filename>/etc/security/pam_env.conf</filename> and
+      <filename>/etc/security/pam_env.conf.d/*.conf</filename>.
+      If the file <filename>/etc/security/pam_env.conf</filename> does not
+      exist, the rules are taken from the files
+      <filename>%vendordir%/security/pam_env.conf</filename>,
+      <filename>%vendordir%/security/pam_env.conf.d/*.conf</filename> and
+      <filename>/etc/security/pam_env.conf.d/*.conf</filename> in that order.
+    </para>
+    <para condition="with_vendordir_and_without_econf">
+      By default rules for (un)setting of variables are taken from the
+      config file <filename>/etc/security/pam_env.conf</filename>.
+      If this file does not exist <filename>%vendordir%/security/pam_env.conf</filename> is used.
+      An alternate file can be specified with the <emphasis>conffile</emphasis>
+      option, which overrules all other files.
+    </para>
+    <para condition="without_vendordir">
       By default rules for (un)setting of variables are taken from the
       config file <filename>/etc/security/pam_env.conf</filename>. An
       alternate file can be specified with the <emphasis>conffile</emphasis>
       option.
     </para>
-    <para>
+    <para condition="with_vendordir_and_with_econf">
+      Environment variables can be defined in a file with simple <emphasis>KEY=VAL</emphasis>
+      pairs on separate lines. The path to this file can be specified with the
+      <emphasis>envfile</emphasis> option.
+      If this file has not been defined, the settings are read from the
+      files <filename>/etc/security/environment</filename> and
+      <filename>/etc/security/environment.d/*</filename>.
+      If the file <filename>/etc/environment</filename> does not exist, the
+      settings are read from the files <filename>%vendordir%/environment</filename>,
+      <filename>%vendordir%/environment.d/*</filename> and
+      <filename>/etc/environment.d/*</filename> in that order.
+      And last but not least, with the <emphasis>readenv</emphasis> option this mechanism can
+      be completely disabled.
+    </para>
+    <para condition="with_vendordir_and_without_econf">
+      Second a file (<filename>/etc/environment</filename> by default) with simple
+      <emphasis>KEY=VAL</emphasis> pairs on separate lines will be read.
+      If this file does not exist, <filename>%vendordir%/etc/environment</filename> is used.
+      With the <emphasis>envfile</emphasis> option an alternate file can be specified,
+      which overrules all other files.
+      And with the <emphasis>readenv</emphasis> option this can be completely disabled.
+    </para>
+    <para condition="without_vendordir">
       Second a file (<filename>/etc/environment</filename> by default) with simple
       <emphasis>KEY=VAL</emphasis> pairs on separate lines will be read.
       With the <emphasis>envfile</emphasis> option an alternate file can be specified.
@@ -224,12 +266,14 @@
     <title>FILES</title>
     <variablelist>
       <varlistentry>
+        <term condition="with_vendordir"><filename>/usr/etc/security/pam_env.conf</filename></term>
         <term><filename>/etc/security/pam_env.conf</filename></term>
         <listitem>
           <para>Default configuration file</para>
         </listitem>
       </varlistentry>
       <varlistentry>
+        <term condition="with_vendordir"><filename>/usr/etc/environment</filename></term>
         <term><filename>/etc/environment</filename></term>
         <listitem>
           <para>Default environment file</para>
author	Stefan Schubert <schubi@suse.de>	2021-12-03 14:33:20 +0100
committer	Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com>	2022-12-14 09:29:35 +0100
commit	6135c45347b6173e305fda66eef138bde693b795 (patch)
tree	c67f2d947b9f9411268efb1f1ae1f611be0bb636 /modules/pam_env/pam_env.8.xml
parent	d71de05146d03c271bd5507724d24d1ad17c2be5 (diff)
download	pam-6135c45347b6173e305fda66eef138bde693b795.tar.gz pam-6135c45347b6173e305fda66eef138bde693b795.tar.bz2 pam-6135c45347b6173e305fda66eef138bde693b795.zip