PrivSep and PAM environment variable setting

Chris Adams cmadams at
Sun Mar 12 05:51:53 EST 2006

Once upon a time, Darren Tucker <dtucker at> said:
> On Fri, Mar 10, 2006 at 09:51:45AM -0600, Chris Adams wrote:
> > I'm trying to use the PAM "" module on Linux to set the MAIL
> > environment variable (so I don't have to try to do it in various shell
> > init scripts), but the MAIL setting doesn't get passed through unless I
> > disable PrivilegeSeparation.
> > 
> > Is there a way to have PAM set environment variables when PrivSep is
> > enabled?
> I think it should work.  What version of OpenSSH and LinuxPAM are you
> using, and what does the PAM config file look like?

I started out on a RHEL system with:


and then tried on a FC rawhide (essentially FC5 at this point) system


I added the line:

auth        required      /lib/security/$ISA/ hash=2

to /etc/pam.d/system-auth right after the line (on the FC5
system I left out the "/lib/security/$ISA/" as that was how the other
entries were written).

I had to comment out the setting of MAIL in /etc/profile (or that
overrides anything OpenSSH or PAM set).

Hmm, it appears to be a problem specific to  If I configure to change MAIL to "xyzzy", it works.  I guess I'll have to
dig at that some more.
Chris Adams <cmadams at>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

More information about the openssh-unix-dev mailing list