author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-05-11 11:17:31 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-05-11 11:20:58 +0300 |
commit | 867eaccec7a1324f958d0d86c1a148187212bf6f (patch) | |
tree | fd615a0c3de58a7c5ab6cc8cf20b613a5d58901f /doc | |
parent | e1aa833138248238ceb23def33b3bfbfcc9f4b97 (diff) | |
Allow to modify environment of initrc-command
* pam_ldaphome/pam_ldaphome.c (find_env,locate_unset)
(env_concat,parsenv,env_setup): New statics.
(run_prog): Use execve and env_setup to set up the
environment.
* doc/pam-modules.texi: Document new statements.
* doc/pam_ldaphome.8in: Likewise.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/pam-modules.texi | 79 | ||||
-rw-r--r-- | doc/pam_ldaphome.8in | 52 |
2 files changed, 129 insertions, 2 deletions
diff --git a/doc/pam-modules.texi b/doc/pam-modules.texi index a0578da..87c4d6c 100644 --- a/doc/pam-modules.texi +++ b/doc/pam-modules.texi @@ -1172,7 +1172,7 @@ if the directory part of its name is listed in @var{path}. @deffn {pam_ldaphome config} skel dir Supplies the name of a @dfn{skeleton directory}. The contents of this directory is copied to the newly created user home directory. The -file modes and permissions are retained. +file modes and permissions are preserved. @end deffn @deffn {pam_ldaphome config} uri arg @@ -1250,7 +1250,7 @@ filters as defined in RFC 4515. @end deffn @deffn {pam_ldaphome config} pubkey-attr text -Defines the name of the attribute keeping user public key. +Defines the name of the attribute which holds the user public key. @end deffn @deffn {pam_ldaphome config} copy-buf-size n 
@@ -1274,6 +1274,81 @@ operation, this value must be the same as the value of change the latter, there's no need to edit it. @end deffn +The following statements instruct @command{pam_ldaphome} to invoke an +external command after initializing the user home directory. This can +be used to customize the files copied from the skeleton directory +according to the user. + +@deffn {pam_ldaphome config} initrc-command command +Run @command{command} after populating the user home directory with +files from the skeleton directory. + +The user login name is passed to the command as its argument. Before +invoking, the current working directory is changed to the user home, +standard input is closed, and standard output is redirected to +standard errror. + +The command should exit with code 0 on success. If it exits with a +non-zero code, @command{pam_ldaphome} will report +@samp{PAM_SYSTEM_ERR}. +@end deffn + +@deffn {pam_ldaphome config} initrc-log file +This statement redirects the standard output and error from the +@command{initrc-command} to @var{file}. +@end deffn + +@deffn {pam_ldaphome config} initrc-environ env ... +Modifies the environment of @command{initrc-command}. + +This statement takes one or more arguments. Each argument can be one +of: + +@table @asis +@item - (a dash) +Clear the environment. This is understood only when used as the first +argument. + +@item -@var{name} +Unset the environment variable @var{name}. + +@item -@var{name}=@var{val} +Unset the environment variable @var{name} only if its value is @var{val}. + +@item @var{name} +Retain the environment variable @var{name}. + +@item @var{name}=@var{value} +Define environment variable @var{name} to have given @var{value}. + +@item @var{name}+=@var{value} +Retain variable @var{name} and append @var{value} to its existing +value. If no such variable is present in the environment, it is +created and @var{value} is assigned to it. 
However, if @var{value} +begins with a punctuation character, this character is removed from it +before the assignment. This is convenient for using this construct with +environment variables like @env{PATH}, e.g.: + +@smallexample +PATH+=:/sbin +@end smallexample + +In this example, if @env{PATH} exists, @samp{:/sbin} will be appended +to it. Otherwise, it will be created and @samp{/sbin} will be +assigned to it. + +@item @var{name}=+@var{value} +Retain variable @var{name} and prepend @var{value} to its existing +value. If no such variable is present in the environment, it is +created and @var{value} is assigned to it. However, if @var{value} +ends with a punctuation character, this character is removed from it +before assignment. +@end table + +The @var{value} part can be enclosed in single or double quotes, in +which case the usual shell dequoting rules apply. +@end deffn + @menu * ldaphome example:: @end menu diff --git a/doc/pam_ldaphome.8in b/doc/pam_ldaphome.8in index 20c7810..6d74e4e 100644 --- a/doc/pam_ldaphome.8in +++ b/doc/pam_ldaphome.8in 
@@ -128,6 +128,58 @@ operation, this value must be the same as the value of \fBAuthorizedKeysFile\fR variable in .BR sshd_config (5). Unless you change the latter, there's no need to edit it. +.TP +.BI initrc\-command " COMMAND" +Run \fICOMMAND\fR after populating the user home directory with +files from the skeleton directory. The user login name is passed to +\fICOMMAND\fR as its argument. Before invoking, the current working +directory is changed to the user home, standard input is closed, and +standard output is redirected to standard errror. + +The command should exit with code 0 on success. If it exits with a +non-zero code, PAM_SYSTEM_ERR will be reported. +.TP +.BI initrc-log " FILE" +Redirects standard output and error from the +\fBinitrc\-command\fR to \fIFILE\fR. +.TP +\fBinitrc\-environ\fR \fIENV\fR ... +Modifies the environment of \fBinitrc\-command\fR. + +This statement takes one or more arguments. Each argument can be one +of: +.RS +4 +.TP +.BR \- " (a dash)" +Clear the environment. This is understood only when used as the first +argument. +.TP +\fB\-\fINAME\fR +Unset the environment variable \fINAME\fR. +.TP +\fB\-\fINAME\fB=\fIVALUE\fR +Unset the environment variable \fINAME\fR only if it has the given \fIVALUE\fR. +.TP +.I NAME +Retain the environment variable \fINAME\fR. +.TP +\fINAME\fB=\fIVALUE\fR +Define environment variable \fINAME\fR to have given \fIVALUE\fR. +.TP +\fINAME\fB+=\fIVALUE\fR +Retain the variable \fINAME\fR and append \fIVALUE\fR to its existing +value. If no such variable is present in the environment, it is +created. If \fIVALUE\fR begins with a punctuation character, this character +is removed from it before the assignment. +.TP +\fINAME\fB=+\fIVALUE\fR +Retain variable \fINAME\fR and prepend \fIVALUE\fR to its existing +value. If no such variable is present in the environment, it is +created. If \fIVALUE\fR ends with a punctuation character, this character +is removed from it before assignment. 
+.RE +The \fIVALUE\fR part can be enclosed in single or double quotes, in +which case the usual shell dequoting rules apply. .SH OPTIONS .TP .BI config= FILE |
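Review bot: in the first doc/pam-modules.texi hunk (the skel entry), the context line directly above the changed one still reads "The contents of this directory is copied"; since the paragraph is being reworded anyway, fix the agreement to "are copied" in the same change. It would also help to say whether "file modes and permissions" covers ownership of the copied files, because the new text only swaps "retained" for "preserved".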
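Review bot: in the doc/pam-modules.texi hunk at @@ -1274, the rule for name+=value says only that a leading "punctuation character" is stripped when the variable is created, and as written that covers "/" as well as ":", so an argument such as PATH+=/sbin on an unset PATH would be documented to yield the relative entry "sbin". Name the exact characters that are stripped (or state that only a separator such as ":" is), and do the same for the trailing character in name=+value. The initrc-environ entry also never says what environment initrc-command starts from when the statement is absent, whether a bare name ("Retain the environment variable") has any effect without a leading "-", or what happens to a "-" that is not the first argument; for a command launched from a PAM module these defaults should be spelled out, along with the user identity the command runs under. Minor: "standard errror" has an extra "r", and the argument in "Run @command{command}" would normally be marked @var{command}, as @var{file} is in the initrc-log entry.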
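Review bot: in the doc/pam_ldaphome.8in hunk, the line .BI initrc-log " FILE" leaves the hyphen unescaped while the neighbouring entries use initrc\-command and initrc\-environ; write initrc\-log so the three statements render consistently. The man page text has also drifted from the texi text added in the same commit: it omits the PATH+=:/sbin example and shortens "it is created and value is assigned to it" to "it is created", so the stripping of the leading or trailing punctuation character reads as if it always applies rather than only when the variable is created. Align the two descriptions, and fix the repeated "standard errror" typo here as well.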