Roman Cheplyaka

Make ~/.pam_environment work again

Published on November 8, 2016; tags: Linux

In the early days of Linux, when we used to start X with startx, your GUI environment was directly inherited from your console environment. So if you wanted to set or change an environment variable, you’d just put it in ~/.profile.

Nowadays we use display managers such as gdm, and the recommended way to set environment variables is in ~/.pam_environment, which is read by the pam_env module. The syntax of that file is:

    PATH OVERRIDE=/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin
    LANG OVERRIDE=en_US.UTF-8

After a recent update I noticed that even this stopped working. Turns out that this feature was marked as a security issue and disabled by default.

On a typical laptop, where there are no hostile local users, you can re-enable it.

  1. Find the file in /etc/pam.d that corresponds to your display manager, such as /etc/pam.d/lightdm for lightdm.

  2. Find the line in that file that says

    auth       required    pam_env.so

    and change it to

    auth       required    pam_env.so user_readenv=1

  3. Restart your display manager.
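
The script below is an added example, not part of the original post: it reports whether user_readenv is set on the pam_env.so lines of a PAM service file and prints a preview of the edit from step 2 without touching anything under /etc. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): inspect and preview the
# pam_env.so edit described above. Nothing under /etc is modified.

# Report each active pam_env.so line in a PAM service file as
# "<file>:<line>: on|off|unset", depending on its user_readenv argument.
readenv_status() {
    awk '
        /^[ \t]*#/ { next }                      # skip comments
        /pam_env\.so/ {
            state = "unset"
            for (i = 1; i <= NF; i++) {
                if ($i == "user_readenv=1") state = "on"
                if ($i == "user_readenv=0") state = "off"
            }
            print FILENAME ":" NR ": " state
        }' "$1"
}

# Print the file to stdout with user_readenv=1 set on every "auth" pam_env.so
# line; all other lines pass through unchanged.
enable_readenv() {
    awk '
        $1 != "auth" || !/pam_env\.so/ { print; next }
        {
            sub(/[ \t]+user_readenv=[01]/, "")   # drop an existing setting
            sub(/[ \t]+$/, "")                   # drop trailing blanks
            print $0 " user_readenv=1"
        }' "$1"
}

# Demo on a constructed service file (assumption: yours looks similar).
demo() {
    sample=$(mktemp)
    printf '%s\n' \
        '# constructed sample, not a real /etc/pam.d file' \
        'auth       required    pam_env.so' \
        'auth       required    pam_unix.so' > "$sample"
    readenv_status "$sample"
    enable_readenv "$sample"
    rm -f "$sample"
}
demo
```

Running readenv_status over every file in /etc/pam.d also shows which services on a machine already honour ~/.pam_environment, which is worth knowing on a multi-user system.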

For what it’s worth, I haven’t made this work for gdm. If you have, let me know.