mouring at etoh.eviladmin.org
2002-Jan-22 18:09 UTC
AIX reading /etc/environment out of step.
I was discussing with Don about a private topic..and while skimming the code I noticed that during a 'ssh mouring at site ls' the /etc/environment is *ONLY* read if the remote machine is an AIX box. This is undocumented and I'm wondering if someone using AIX could explain WHY it exists in the session.c:do_child()? No other OS has this. I don't see why AIX should require it.

Can someone JUSTIFY this to me the fact we are going against our own documentation for a single platform?

- Ben
David Bronder
2002-Jan-22 18:57 UTC
[openssh-unix-dev] AIX reading /etc/environment out of step.
The /etc/environment file is an AIX-ism that is basically used to set system-wide environment variable defaults. In the case of interactive sessions via telnet or rlogin, I believe it is the telnetd or rlogind which reads that file, so sshd would have to do the same thing.

Poor design choice, perhaps, and I could also be wrong about where /etc/environment really gets read (I haven't done any specific testing of it). But by reading it in do_child() you pick up any changes to the file without having to restart the parent sshd even if it originally gets read somewhere else.

=Dave

mouring at etoh.eviladmin.org wrote:
>
> I was discussing with Don about a private topic..and while skimming the
> code I noticed that during a 'ssh mouring at site ls' the /etc/environment
> is *ONLY* read if the remote machine is an AIX box. This is undocumented
> and I'm wondering if someone using AIX could explain WHY it exists in the
> session.c:do_child()? No other OS has this. I don't see why AIX should
> require it.
>
> Can someone JUSTIFY this to me the fact we are going against our own
> documentation for a single platform?

--
Hello World. David Bronder - Systems Admin
Segmentation Fault ITS-SPA, Univ. of Iowa
Core dumped, disk trashed, quota filled, soda warm. david-bronder at uiowa.edu
At 12:09 PM -0600 1/22/02, <mouring at etoh.eviladmin.org> wrote:
>I was discussing with Don about a private topic..and while skimming the
>code I noticed that during a 'ssh mouring at site ls' the /etc/environment
>is *ONLY* read if the remote machine is an AIX box. This is undocumented
>and I'm wondering if someone using AIX could explain WHY it exists in the
>session.c:do_child()? No other OS has this. I don't see why AIX should
>require it.
>
>Can someone JUSTIFY this to me the fact we are going against our own
>documentation for a single platform?

I can't justify it to you, or speak to the behavior on other platforms, but on AIX, /etc/environment is supposed to be read for *every* process's environment. Again, I don't know much about other platforms, if it is not read on AIX, then the process will have no concept of the standard variables whose values would be assumed, i.e., "TZ", "LANG", "LOCPATH", "NLSPATH", and perhaps most important, "ODMDIR". How other OSes deal with those items is something I don't know anything about.

In short, I don't know if it is considered "correct" or not, based on the OpenSSH documentation, but I suspect that if it is changed, AIX will break and the world will end.

From the "environment" manpage ...

    environment File

    Purpose

    Sets up the user environment.

    Description

    The /etc/environment file contains variables specifying the basic
    environment for all processes. When a new process begins, the exec
    subroutine makes an array of strings available that have the form
    Name=Value. This array of strings is called the environment. Each
    name defined by one of the strings is called an environment variable
    or shell variable. The exec subroutine allows the entire environment
    to be set at one time.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Sandor W. Sklar - Unix Systems Administrator - Stanford University ITSS
Non impediti ratione cogitationis. <http://whippet.stanford.edu/~ssklar/>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Hi,

On Tue, Jan 22, 2002 at 12:09:13PM -0600, mouring at etoh.eviladmin.org wrote:
> I was discussing with Don about a private topic..and while skimming the
> code I noticed that during a 'ssh mouring at site ls' the /etc/environment
> is *ONLY* read if the remote machine is an AIX box. This is undocumented
> and I'm wondering if someone using AIX could explain WHY it exists in the
> session.c:do_child()? No other OS has this. I don't see why AIX should
> require it.

All other ways to log into AIX read this. So by doing it you're easing switchover from rlogin/whatever to ssh.

gert

--
USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
/etc/environment on AIX is the place to put environment variables for all processes... (independent of shell!) The current code does what an AIX-admin would expect.

Jörg Petersen

-----Original Message-----
....
> All other ways to log into AIX read this. So by doing it you're easing
> switchover from rlogin/whatever to ssh.
>

Still don't like the idea. You sure it is required in this location and should not be somewhere else? Like for interactive sessions only? Remember this is included for all subsystems.

...
On Wed, Jan 23, 2002 at 10:50:01AM -0500, Carson Gaspar wrote:
> Solaris has something vaguely similar - /etc/default/login. Does PAM take
> care of this for us, or does OpenSSH just ignore it?

/etc/default/login is not only a list of environment variables.
Actually AIX already has limited PAM support in AIX v5.1. This is part of the Linux/AIX integration work. Version 5.2 will have fully supported PAM libraries. My guess is they are building supported modules for DCE/AFS etc. before it is officially released/supported. AIX is moving the way of Linux so after many years these differences should disappear. They might keep stuff around for backwards compatibility :(

EdGy

<mouring at etoh.eviladmin.org>@mindrot.org on 01/23/2002 11:48:02

Sent by: openssh-unix-dev-admin at mindrot.org

To: Gert Doering <gert at greenie.muc.de>
cc: "Booker C. Bense" <bbense at networking.stanford.edu>, <openssh-unix-dev at mindrot.org>
Subject: Re: AIX reading /etc/environment out of step.

On Wed, 23 Jan 2002, Gert Doering wrote:
> Hi,
>
> On Wed, Jan 23, 2002 at 09:35:42AM -0600, mouring at etoh.eviladmin.org wrote:
> > > - It's the AIX way. There are variables set in there that are required
> > > for interaction with the system libraries. You either have to read it
> > > or duplicate it.
> > >
> > However you do get why I don't like it. It is undocumented and is
> > targeted to a single platform.
>
> So let's document it? :-)
>
> As for "single platform" - well, other platforms don't do it that way,
> so if we start doing it, it might also lead to nasty surprises.
>

Issue with documentation..

1) Who will maintain all the differences in the manpages?
2) Why would someone running Linux/Redhat care about an AIX 'feature'? Same goes for people in AIX..Why do they care about PAM since they don't use it.

One would almost have to have a manpage per OS. Which would be impractical to maintain.

My main intent is for someone who understands AIX well enough to ensure the code is in the right place. It stuck out like a bike with a bent front wheel while skimming that part of the code while discussing about 'clean untampered environments' (mainly because the manpage makes a point to define what is read on establishing a ssh shell).

On the same note.. I assume AIX has its own krb4. Otherwise the nice krb4 variables set in do_child() will be overwritten a few lines down.

- Ben

_______________________________________________
openssh-unix-dev at mindrot.org mailing list
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
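The ordering concern raised at the end of the message above, as an added example (not OpenSSH's code and not written by anyone in this thread): this C program applies Name=Value text, in the form the quoted manpage describes, over an environment table that already holds a variable set earlier. The struct, the function names and the sample values (including KRBTKFILE as the krb4 variable) are assumptions constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* strdup, strtok_r */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_ENV 64
struct env { char *v[MAX_ENV]; size_t n; };   /* table of "Name=Value" strings */

/* Constructed sample content; not taken from a real AIX host. */
static const char SAMPLE[] =
    "# system-wide defaults\nTZ=CST6CDT\n\nKRBTKFILE=/tmp/tkt_default\n"
    "ODMDIR=/etc/objrepos\nnot a variable\n";

/* Index of name in the table, or e->n if absent. */
static size_t env_find(const struct env *e, const char *name) {
    size_t nl = strlen(name), i;
    for (i = 0; i < e->n; i++)
        if (strncmp(e->v[i], name, nl) == 0 && e->v[i][nl] == '=') break;
    return i;
}
/* Set name=value; an existing entry with the same name is replaced. */
static int env_set(struct env *e, const char *name, const char *value) {
    size_t i = env_find(e, name), len = strlen(name) + strlen(value) + 2;
    char *s = (i == e->n && e->n >= MAX_ENV) ? NULL : malloc(len);
    if (s == NULL) return -1;            /* table full or out of memory */
    snprintf(s, len, "%s=%s", name, value);
    if (i < e->n) free(e->v[i]); else e->n++;
    e->v[i] = s;
    return 0;
}
/* Apply Name=Value lines; skip blanks, '#' comments, lines lacking a name or '='. */
static int env_load(struct env *e, const char *text) {
    char *copy = strdup(text), *save = NULL, *line, *eq;
    int applied = 0;
    if (copy == NULL) return -1;
    for (line = strtok_r(copy, "\n", &save); line; line = strtok_r(NULL, "\n", &save)) {
        line += strspn(line, " \t");
        if (*line == '#' || (eq = strchr(line, '=')) == NULL || eq == line) continue;
        *eq = '\0';
        if (env_set(e, line, eq + 1) == 0) applied++;
    }
    free(copy);
    return applied;
}

int main(void) {
    struct env e = { {0}, 0 };
    env_set(&e, "KRBTKFILE", "/tmp/tkt_session");   /* set earlier for the session */
    env_load(&e, SAMPLE);                           /* file read afterwards replaces it */
    printf("%s\n", e.v[env_find(&e, "KRBTKFILE")]);
    return 0;
}
```

Loading the file before setting per-session variables, or skipping names that are already present, reverses the outcome; which of the two is right depends on whether the file is meant to supply defaults or to be authoritative.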
On Wed, Jan 23, 2002 at 10:34:22AM -0800, Darren J Moffat wrote:
> Nicolas Williams wrote:
>
> > > > /etc/default/login is not only a list of environment variables.
> > > >
> > >
> > > I'd drop the only from that statement to make it 100% correct.
> >
> > That would be wrong. Though the contents of /etc/default/login looks
> > like environment variable settings, the semantics of the variables
> > listed in there are not so simple.
>
> Isn't that what I just said and further clarified in the rest of my message ?
>
> dropping the only makes the sentence:
>
> /etc/default/login is not a list of environment variables.

Oy! I mis-parsed. My apologies.

> --
> Darren J Moffat
>
>

Nico
--

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.