environ File

Purpose

Defines the environment attributes for users.

Description

The /etc/security/environ file is an ASCII file that contains stanzas with the environment attributes for users. Each stanza is identified by a user name and contains attributes in the Attribute=Value form, with a comma separating the attributes. Each attribute is ended by a new-line character, and each stanza is ended by an additional new-line character.

If environment attributes are not defined, the system uses default values. Each user stanza can have the following attributes:

Attribute  Definition
usrenv     Defines variables to be placed in the user environment when the initial login command is given or when the su command resets the environment. The value is a list of comma-separated attributes. The default value is an empty string.
sysenv     Defines variables to be placed in the user protected state environment when the initial login command is given or when the su command resets the environment. These variables are protected from access by unprivileged programs so other programs can depend on their values. The default value is an empty string.

For a description of environment variables, refer to the /etc/environment file.

Access to all the user database files should be through the system commands and subroutines defined for this purpose. Access through other commands or subroutines may not be supported in future releases.

The mkuser command creates a user stanza in this file. The initialization of the attributes depends upon their values in the /usr/lib/security/mkuser.default file. The chuser command can change these attributes, and the lsuser command can display them. The rmuser command removes the entire record for a user.

Security

Access Control:

This file should grant read (r) access to the root user, members of the security group, and others consistent with the security policy for the system. Only the root user should have write (w) access.

Auditing Events:

Event            Information
S_ENVIRON_WRITE  file name

Examples

A typical stanza looks like the following example for user dhs:

dhs:
   usrenv = "MAIL=/home/spool/mail/dhs,MAILCHECK=600"
   sysenv = "NAME=dhs@delos"
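
The following is an added example, not part of the original documentation or of AIX: a Python sketch that parses the stanza format shown above and checks the write-access rule from the Security section, intended for offline review of a collected copy of the file (on a live system the lsuser command remains the supported interface). The function names, the sample user "ops", and the choice to reject any attribute other than usrenv and sysenv are assumptions of this example.

```python
import os
import stat

# Constructed sample: "dhs" is the page's stanza, "ops" is made up.
SAMPLE = '''\
dhs:
   usrenv = "MAIL=/home/spool/mail/dhs,MAILCHECK=600"
   sysenv = "NAME=dhs@delos"

ops:
   usrenv = ""
'''

def parse_environ(text):
    """Return {user: {"usrenv": {VAR: value}, "sysenv": {VAR: value}}}."""
    users, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if "=" not in line and line.endswith(":"):  # stanza header: user name
            current = users.setdefault(line[:-1], {"usrenv": {}, "sysenv": {}})
            continue
        name, sep, value = line.partition("=")
        name = name.strip()
        if current is None or not sep or name not in ("usrenv", "sysenv"):
            raise ValueError(f"line {lineno}: unexpected content {raw!r}")
        for item in filter(None, value.strip().strip('"').split(",")):
            var, eq, val = item.partition("=")
            if not eq:
                raise ValueError(f"line {lineno}: {item!r} is not VAR=value")
            current[name][var.strip()] = val
    return users

def write_access_findings(st_mode, st_uid):
    """Check the page's rule that only root has write access."""
    findings = []
    if st_uid != 0:
        findings.append(f"owner uid is {st_uid}, expected 0 (root)")
    if st_mode & stat.S_IWGRP:
        findings.append("group has write access")
    if st_mode & stat.S_IWOTH:
        findings.append("others have write access")
    return findings

def review_copy(path):  # path: a collected copy of the file
    with open(path) as fh:
        st = os.fstat(fh.fileno())
        return parse_environ(fh.read()), write_access_findings(st.st_mode, st.st_uid)
```

The ownership and mode findings are meaningful only when review_copy runs on the system itself or on a copy whose owner and permissions were preserved during collection.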

Files

Item                              Description
/etc/security/environ             Specifies the path to the file.
/etc/environment                  Specifies the basic environment for all processes.
/etc/group                        Contains the basic attributes of groups.
/etc/security/group               Contains the extended attributes of groups.
/etc/passwd                       Contains the basic attributes of users.
/etc/security/passwd              Contains password information.
/etc/security/user                Contains the extended attributes of users.
/etc/security/limits              Contains the process resource limits of users.
/usr/lib/security/mkuser.default  Contains the default values for user accounts.
/etc/security/lastlog             Contains last login information.