Christoph Anton Mitterer
2012-Aug-07 21:14 UTC
securely set environment variables per user
Hi. Is there a way to securely set environment variables per user on the remote side? What I want is e.g. that I determine on the remote side, that user foo should always have PATH set to "blafasl". ~/.ssh/environment came to my mind for this,... but it needs PermitUserEnvironment which (according to documentation) allows trickery with things like LD_PRELOAD and which I do not want to allow. Thanks, Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5450 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20120807/18698ce8/attachment.bin>
On Tue, Aug 7, 2012 at 5:14 PM, Christoph Anton Mitterer <calestyo at scientia.net> wrote:> Hi. > > Is there a way to securely set environment variables per user on the > remote side?That's not an SSH problem. That's a shell environment problem. If the normal user shell reads ordinary, user modifiable configuration files such as "$HOME/.profile", "$HOME/.bashrc", or "$HOME/.cshrc", you are out of luck. this level of environment management requires a restricted shell.> What I want is e.g. that I determine on the remote side, that user foo > should always have PATH set to "blafasl".The normal way to do that is in the shell configuration used by each user. In theory. Why are you trying to do this?
Possibly Parallel Threads
- [Bug 2287] New: AuthorizedKeysCommandUser should have it's default documented
- [Bug 2329] New: Authorized keys environment parsing error
- [Bug 2354] New: please document that PermitRootLogin really checks for uid=0
- [Bug 2310] New: functionality to start process before ssh and/or to "wrap" such command around ssh
- [Bug 2573] New: dead sessions cannot be closed with ~.