Provided by: libpam-modules_1.5.2-2ubuntu1_amd64 bug


       pam_env.conf, environment - the environment variables config files


       The /etc/security/pam_env.conf file specifies the environment variables to be set, unset
       or modified by pam_env(8). When someone logs in, this file is read and the environment
       variables are set according.

       Each line starts with the variable name, there are then two possible options for each
       variable DEFAULT and OVERRIDE. DEFAULT allows an administrator to set the value of the
       variable to some default value, if none is supplied then the empty string is assumed. The
       OVERRIDE option tells pam_env that it should enter in its value (overriding the default
       value) if there is one to use. OVERRIDE is not used, "" is assumed and no override will be

       VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]

       (Possibly non-existent) environment variables may be used in values using the ${string}
       syntax and (possibly non-existent) PAM_ITEMs as well as HOME and SHELL may be used in
       values using the @{string} syntax. Both the $ and @ characters can be backslash escaped to
       be used as literal values values can be delimited with "", escaped " not supported. Note
       that many environment variables that you would like to use may not be set by the time the
       module is called. For example, ${HOME} is used below several times, but many PAM
       applications don't make it available by the time you need it. The special variables
       @{HOME} and @{SHELL} are expanded to the values for the user from his passwd entry.

       The "#" character at start of line (no space at front) can be used to mark this line as a
       comment line.

       The /etc/environment file specifies the environment variables to be set. The file must
       consist of simple NAME=VALUE pairs on separate lines. The pam_env(8) module will read the
       file after the pam_env.conf file.


       These are some example lines which might be specified in /etc/security/pam_env.conf.

       Set the REMOTEHOST variable for any hosts that are remote, default to "localhost" rather
       than not being set at all

                 REMOTEHOST     DEFAULT=localhost OVERRIDE=@{PAM_RHOST}

       Set the DISPLAY variable if it seems reasonable


       Now some simple variables

                 PAGER          DEFAULT=less
                 MANPAGER       DEFAULT=less
                 LESS           DEFAULT="M q e h15 z23 b80"
                 NNTPSERVER     DEFAULT=localhost
                 PATH           DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
                 XDG_DATA_HOME  DEFAULT=@{HOME}/share/

       Silly examples of escaped variables, just to show how they work.

                 DOLLAR         DEFAULT=\$
                 DOLLARDOLLAR   DEFAULT=        OVERRIDE=\$${DOLLAR}
                 ATSIGN         DEFAULT=""      OVERRIDE=\@


       pam_env(8), pam.d(5), pam(7), environ(7)


       pam_env was written by Dave Kinchlea <>.