I have switched to using ~/.pam_environment for setting my user environment variables, and it works quite well. PAM takes care of setting everything, regardless of what shell I’m using, how I’m using it, etc. The one place where I’ve noticed an issue is when opening an interactive shell with sudo -i; it seems as though ~/.pam_environment is not used. For example, if I’d like to switch to user foo, I’d run sudo -iu foo. After doing so, none of the environment variables specified in /home/foo/.pam_environment are set.
All I’ve found pertaining to this subject is the fact that sudo will not carry over most (if not all) environment variables to the created process. However, I don’t want to carry over the old environment variables; I just want to honor the ones of the user I’m changing to.
Is there a way to do this? Is there a reason (security?) that this is not the default behavior?