# Make ~/.pam_environment work again

November 8, 2016

In the early days of Linux, when we used to start X with startx, your GUI environment was directly inherited from your console environment. So if you wanted to set or change an environment variable, you’d just put it in ~/.profile.

Nowadays we use display managers such as gdm, and the recommended way to set environment variables is in ~/.pam_environment, which is read by the pam_env module. The syntax of that file is

PATH OVERRIDE=/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin
LANG OVERRIDE=en_US.UTF-8

After a recent update I noticed that even this stopped working. Turns out that this feature was marked as a security issue and disabled by default.

On a typical laptop, where there are no hostile local users, you can enable it back.

1. Find the file in /etc/pam.d that corresponds to your display manager, such as /etc/pam.d/lightdm for lightdm.

2. Find the line in that file that says

auth       required    pam_env.so

and change it to

auth       required    pam_env.so user_readenv=1