-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Thoughts on PAM environment variables #13
Comments
Hey thanks so much for your comment and links! I'll check them out later today or this week! I also got my DM to the point of "barely working" and recently got motivated again to work on it, so I'm looking forward to check out your progress. With regards to |
Depending on how general this library wants to be passing in those as arguments to In any case I think it would be difficult but not impossible to have an exhaustive list of arguments to In order to make the logind session work(so that it is assigned a seat etc) I needed to set these variables(even though I think I read somewhere that pam_systemd should figure out some of these by itself it didn't):
I get this logind session with my DM:
|
Since the crate is called |
I wanted to comment on this issue, since I've also been writing my own toy desktop/login manager in rust recently, and I've been digging into what constitutes a valid logind session and all this. I've read over most of the code in this library, as well as some of @regiontog's fork and his WebDM project. It seems to me that the code in initialize_environment is totally correct except for the PATH variable. And it might indeed be better to return an environment to apply rather than setting it for the current process, but this is a minor complaint. I don't know which distro @regiontog is using, and I also don't know which PAM configuration his WebDM is using(the code just says to use the "webdm" file, but there's no such file tracked in the git repo). But on my distro(Arch Linux), when using the correct PAM config file, I do indeed get all the $XDG_* variables set, as well as some Systemd related dbus stuff. And I get a valid session with logind. Indeed, my environment after initialize_session() is identical to the one I get after using the default tty login program, except for randomly generated identifiers for dbus etc. In my case I used the file /etc/pam.d/login, which the one used by the tty login screen. The contents are as follows: login:
system-local-login:
system-login:
system-auth:
As you can see pam_systemd.so is only included in the system-login file, not system-auth(which is the file referenced in the examples for this library). If you invoke system-auth, only the absolute minimal checking against /etc/passwd will be performed. using system-local-login should ensure the correct env variables are set up my pam_env. Of course, the organisation of pam.d differs from distro to distro, and a quick look at my debian box reveals a completely different setup. Generally though you should refer to your distro's documentation to find out which pam file to invoke, or which ones you need to include from your custom pam files to stay secure and compatible. Now, I've read some of the systemd-logind documentation, and it specifically says to not talk to logind directly, but let pam_systemd do it. Talking to systemd, setting specific environment variables or calling into specific pam modules shouldn't be the responsibility of this library as it exists now, which is mainly as a wrapper around the PAM conversation API for clients. The only real bug I found in it was this line
this leads to the following PATH variable on arch linux:
Note that the .cargo part is from my local shell .zprofile. I also want to say thanks for developing this library and pam-sys. They've made my life a lot easier writing my own DM in rust. I hope my insights from banging my head against the wall for 3 days will be helpful somehow :D |
Hey @mtlll this is very useful information indeed! I am quite impressed that you got a valid systemd session using Some thoughts (in no specific order of importance):
Thanks for your insights! I may have a closer look at yalm to see how you managed to get a session going ;) |
I think $PATH should also be handled by pam_env. It can also be initialised by the shell when given the -l option(to start as a login shell). Again, I didn't really do anything special to get the env set properly. All I did was use the right pam service file(in my case I used login because my login manager is TUI-based and it made sense, more generally system-local-login is probably what you want). You're welcome to look at yalm, but keep in mind it's still a work in progress, and I'm writing yalm mainly as a project to learn rust, so the code is a bit of a mess right now :) |
First of all thanks for making this library, it has made creating a Display Manager more enjoyable.
As you know it's kinda difficult to get any good information on how to make DMs, but I've managed to get to a point where I can comfortably use mine and I thought I'd share some of what I have learned. I made a fork of this project here with some changes I needed to get everything to work properly w.r.t. logind/systemd.
pam_systemd.so
- which is needed to get logind working - reads some PAM environment variables. So the user should have a way of setting the PAM vars propably. These also needs to be set before pam_open_session is called.Command::envs
to set all of the PAM environment in the child process. For example like I have done in my DM./etc/environment
or~/.pam_environment
.The text was updated successfully, but these errors were encountered: