author Sergey Poznyakoff <gray@gnu.org.ua> 2014-05-11 11:17:31 +0300
committer Sergey Poznyakoff <gray@gnu.org.ua> 2014-05-11 11:20:58 +0300
commit 867eaccec7a1324f958d0d86c1a148187212bf6f
tree fd615a0c3de58a7c5ab6cc8cf20b613a5d58901f /doc
parent e1aa833138248238ceb23def33b3bfbfcc9f4b97
Allow to modify environment of initrc-command
* pam_ldaphome/pam_ldaphome.c (find_env,locate_unset)
(env_concat,parsenv,env_setup): New statics.
(run_prog): Use execve and env_setup to set up the environment.
* doc/pam-modules.texi: Document new statements.
* doc/pam_ldaphome.8in: Likewise.
Diffstat (limited to 'doc')
-rw-r--r-- doc/pam-modules.texi 79
-rw-r--r-- doc/pam_ldaphome.8in 52
2 files changed, 129 insertions, 2 deletions
diff --git a/doc/pam-modules.texi b/doc/pam-modules.texi
index a0578da..87c4d6c 100644
--- a/doc/pam-modules.texi
+++ b/doc/pam-modules.texi
@@ -1172,7 +1172,7 @@ if the directory part of its name is listed in @var{path}.
@deffn {pam_ldaphome config} skel dir
Supplies the name of a @dfn{skeleton directory}. The contents of this
directory is copied to the newly created user home directory. The
-file modes and permissions are retained.
+file modes and permissions are preserved.
@end deffn
@deffn {pam_ldaphome config} uri arg
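Review bot: the unchanged sentence just above the edited line, "The contents of this directory is copied", has a subject-verb mismatch; since this paragraph is being reworded anyway, change it to "are copied" in the same commit.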
@@ -1250,7 +1250,7 @@ filters as defined in RFC 4515.
@end deffn
@deffn {pam_ldaphome config} pubkey-attr text
-Defines the name of the attribute keeping user public key.
+Defines the name of the attribute which holds the user public key.
@end deffn
@deffn {pam_ldaphome config} copy-buf-size n
@@ -1274,6 +1274,81 @@ operation, this value must be the same as the value of
change the latter, there's no need to edit it.
@end deffn
+The following statements instruct @command{pam_ldaphome} to invoke an
+external command after initializing the user home directory. This can
+be used to customize the files copied from the skeleton directory
+according to the user.
+
+@deffn {pam_ldaphome config} initrc-command command
+Run @command{command} after populating the user home directory with
+files from the skeleton directory.
+
+The user login name is passed to the command as its argument. Before
+invoking, the current working directory is changed to the user home,
+standard input is closed, and standard output is redirected to
+standard errror.
+
+The command should exit with code 0 on success. If it exits with a
+non-zero code, @command{pam_ldaphome} will report
+@samp{PAM_SYSTEM_ERR}.
+@end deffn
+
+@deffn {pam_ldaphome config} initrc-log file
+This statement redirects the standard output and error from the
+@command{initrc-command} to @var{file}.
+@end deffn
+
+@deffn {pam_ldaphome config} initrc-environ env ...
+Modifies the environment of @command{initrc-command}.
+
+This statement takes one or more arguments. Each argument can be one
+of:
+
+@table @asis
+@item - (a dash)
+Clear the environment. This is understood only when used as the first
+argument.
+
+@item -@var{name}
+Unset the environment variable @var{name}.
+
+@item -@var{name}=@var{val}
+Unset the environment variable @var{name} only if its value is @var{val}.
+
+@item @var{name}
+Retain the environment variable @var{name}.
+
+@item @var{name}=@var{value}
+Define environment variable @var{name} to have given @var{value}.
+
+@item @var{name}+=@var{value}
+Retain variable @var{name} and append @var{value} to its existing
+value. If no such variable is present in the environment, it is
+created and @var{value} is assigned to it. However, if @var{value}
+begins with a punctuation character, this character is removed from it
+before the assignment. This is convenient for using this construct with
+environment variables like @env{PATH}, e.g.:
+
+@smallexample
+PATH+=:/sbin
+@end smallexample
+
+In this example, if @env{PATH} exists, @samp{:/sbin} will be appended
+to it. Otherwise, it will be created and @samp{/sbin} will be
+assigned to it.
+
+@item @var{name}=+@var{value}
+Retain variable @var{name} and prepend @var{value} to its existing
+value. If no such variable is present in the environment, it is
+created and @var{value} is assigned to it. However, if @var{value}
+ends with a punctuation character, this character is removed from it
+before assignment.
+@end table
+
+The @var{value} part can be enclosed in single or double quotes, in
+which case the usual shell dequoting rules apply.
+@end deffn
+
@menu
* ldaphome example::
@end menu
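Review bot: the initrc-environ entry never says what environment initrc-command starts from when the statement is absent, or when its first argument is not "-". Without that, the bare "@var{name}" item ("Retain the environment variable") reads as a no-op, and an administrator cannot tell from this text whether variables set by the calling PAM application reach the command. Suggest stating the baseline environment once at the top of the entry and noting that a bare name only matters after a leading "-". Smaller points in the same hunk: "standard errror" is a typo, "Run @command{command}" should be @var{command} because it is a placeholder, and the "-@var{name}=@var{val}" item uses val where every other item uses value.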
diff --git a/doc/pam_ldaphome.8in b/doc/pam_ldaphome.8in
index 20c7810..6d74e4e 100644
--- a/doc/pam_ldaphome.8in
+++ b/doc/pam_ldaphome.8in
@@ -128,6 +128,58 @@ operation, this value must be the same as the value of
\fBAuthorizedKeysFile\fR variable in
.BR sshd_config (5).
Unless you change the latter, there's no need to edit it.
+.TP
+.BI initrc\-command " COMMAND"
+Run \fICOMMAND\fR after populating the user home directory with
+files from the skeleton directory. The user login name is passed to
+\fICOMMAND\fR as its argument. Before invoking, the current working
+directory is changed to the user home, standard input is closed, and
+standard output is redirected to standard errror.
+
+The command should exit with code 0 on success. If it exits with a
+non-zero code, PAM_SYSTEM_ERR will be reported.
+.TP
+.BI initrc-log " FILE"
+Redirects standard output and error from the
+\fBinitrc\-command\fR to \fIFILE\fR.
+.TP
+\fBinitrc\-environ\fR \fIENV\fR ...
+Modifies the environment of \fBinitrc\-command\fR.
+
+This statement takes one or more arguments. Each argument can be one
+of:
+.RS +4
+.TP
+.BR \- " (a dash)"
+Clear the environment. This is understood only when used as the first
+argument.
+.TP
+\fB\-\fINAME\fR
+Unset the environment variable \fINAME\fR.
+.TP
+\fB\-\fINAME\fB=\fIVALUE\fR
+Unset the environment variable \fINAME\fR only if it has the given \fIVALUE\fR.
+.TP
+.I NAME
+Retain the environment variable \fINAME\fR.
+.TP
+\fINAME\fB=\fIVALUE\fR
+Define environment variable \fINAME\fR to have given \fIVALUE\fR.
+.TP
+\fINAME\fB+=\fIVALUE\fR
+Retain the variable \fINAME\fR and append \fIVALUE\fR to its existing
+value. If no such variable is present in the environment, it is
+created. If \fIVALUE\fR begins with a punctuation character, this character
+is removed from it before the assignment.
+.TP
+\fINAME\fB=+\fIVALUE\fR
+Retain variable \fINAME\fR and prepend \fIVALUE\fR to its existing
+value. If no such variable is present in the environment, it is
+created. If \fIVALUE\fR ends with a punctuation character, this character
+is removed from it before assignment.
+.RE
+The \fIVALUE\fR part can be enclosed in single or double quotes, in
+which case the usual shell dequoting rules apply.
.SH OPTIONS
.TP
.BI config= FILE
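Review bot: "standard errror" in the initrc\-command paragraph is a typo for "standard error", and ".BI initrc-log" leaves the hyphen unescaped while the neighbouring entries write initrc\-command and initrc\-environ; use initrc\-log for consistency. The += and =+ items here also stop at "it is created" and drop the texinfo wording that VALUE is assigned to the new variable, so the two documents describe the absent-variable case differently; the PATH+=:/sbin example from the texinfo text would be worth carrying over as well.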
