Bug#330420: [Pkg-shadow-devel] Bug#330420: login: Breaks system-wide
maildir spools
Christian Perrier
bubulle at debian.org
Thu Sep 29 05:58:22 UTC 2005
> > That seems to be the problem. We certainly need to remove the "noenv"
> > directive from the pam_mail line in the default login PAM
> > configuration file:
>
> What will userdel do, then? If it will do something stupid, it needs to be
> fixed as well. In fact, I don't understand the reason for breaking maildir
> support in login at all
>
> noenv must be removed from pam_mail in *all* PAM profiles, including sudo,
> ssh, (and added to su's most probably).
Confirmed.
So, as far as shadow is concerned, the following changes should take
place:
-remove "noenv" for login
-add "session optional pam_mail.so standard" for su
We have a tricky problem here:
- if we do this "su <user>" will NOT keep MAIL set as it was before
su invocation
- if we don't, "su - <user>" will NOT set MAIL
I actually prefer having a properly working "su -" behaviour
userdel seems to handle these things well:
root at cc-mykerinos:/usr/share/doc/libpam-modules# ls -l /var/mail/krabs
-rw-rw---- 1 krabs mail 465 2005-09-29 07:42 /var/mail/krabs
root at cc-mykerinos:/usr/share/doc/libpam-modules# userdel -r krabs
root at cc-mykerinos:/usr/share/doc/libpam-modules# ls -l /var/mail/krabs
ls: /var/mail/krabs: Aucun fichier ou répertoire de ce type
We also probably need a better wording for the comment before the
pam_mail lines in /etc/pam.d/login:
# Prints the status of the user's mailbox upon succesful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). You
# can also enable a MAIL environment variable from here, but it
# is better handled by /etc/login.defs, since userdel also uses
# it to make sure that removing a user, also removes their mail
# spool file.
...is wrong or misleading..../etc/login.defs is not enough, abviously.
More information about the Pkg-shadow-devel
mailing list