There is unfortunately no fully portable location to set environment variables. The two files that come closest are ~/.profile
, which is the traditional location and works out of the box on many setups, and ~/.pam_environment
, a modern, commonplace but limited alternative.
What to put in ~/.pam_environment
The file ~/.pam_environment
is read by all login methods that use PAM and that have this file enabled. This covers most Linux systems nowadays.
The major advantage of ~/.pam_environment
is that (when enabled) it is read before the user's shell starts, so it works regardless of the session type, login shell and other complexities. It even works for non-interactive logins such as su -c somecommand
and ssh somecommand
.
The major limitation of ~/.pam_environment
is that you can only put simple assignments there, not complex shell syntax. The syntax of this file is as follows.
- Files are parsed line by line.
- Each line must have the form
VAR=VALUE
where VAR consists of letters, digits and underscores. The alternative form VAR DEFAULT=value
allows expansions of environment variables using ${VAR}
syntax and the special variables @{HOME}
and @{SHELL}
.
#
starts a comment, it cannot appear in a value.
- If VALUE is surrounded by
"
, then VAR is set to the string between the quotes.
\$
or \@
insert a literal $
or @
and long lines can be split by escaping the newline with a \
.
- If there is a syntax error such as no
=
or unquoted whitespace, the variable is removed from the environment.
So on the upside, ~/.pam_environment
works in a large array of circumstances. On the downside, you cannot use the output of a command (e.g. test if a directory or program is present), and some characters (#"
, newline) are impossible or troublesome to put in the value.
What to put in ~/.profile
This file should have portable (POSIX) sh syntax. Only use ksh or bash extensions (arrays, [[ … ]]
, etc.) if you know that your system has these shells as /bin/sh
.
This file may be read by scripts in automated applications, so it should not call programs that produce any output or call exec
. If you want to do that on text-mode logins, do it only for interactive shells. Example:
case $- in *i*)
# Display a message if I have new mail
if mail -e; then echo 'You have new mail'; fi
# If zsh is available, and this looks like a text-mode login, run zsh
case "`ps $PPID` " in
*" login "*)
if type zsh >/dev/null 2>/dev/null; then exec zsh; fi;;
esac
esac
This is an example of using /bin/sh
as your login shell and switching to your favorite shell. See also how can I use bash as my login shell when my sysadmin refuses to let me change it
When is ~/.profile
not read on non-graphical login?
Different login shells read different files.
If your login shell is bash
Bash reads ~/.bash_login
or ~/.bash_profile
if they exist instead of ~/.profile
. Also bash does not read ~/.bashrc
in a login shell even if it is interactive. To never have to remember these quirks again, create a ~/.bash_profile
with the following two lines:
. ~/.profile
case $- in *i*) . ~/.bashrc;; esac
See also Which setup files should be used for setting up environment variables with bash?
If your login shell is zsh
Zsh reads ~/.zprofile
and ~/.zlogin
, but not ~/.profile
. Zsh has a different syntax from sh, but can read ~/.profile
in sh emulation mode. You can use this for your ~/.zprofile
:
emulate sh -c '. ~/.profile'
See also Zsh not hitting ~/.profile
If your login shell is some other shell
There's not much you can do there, short of using /bin/sh
as your login shell and your favorite shell (such as fish) as an interactive shell only. That's what I do with zsh. See above for an example of invoking another shell from ~/.profile
.
Remote commands
When invoking a remote command without going through an interactive shell, not all shells read a startup file.
Ksh reads the file specified by the ENV
variable, if you manage to pass it.
Bash reads ~/.bashrc
if it is not interactive (!) and its parent process is called rshd
or sshd
. So you can start your ~/.bashrc
with
if [[ $- != *i* ]]; then
. ~/.profile
return
fi
Zsh always reads ~/.zshenv
when it starts. Use with caution, since this is read by every single instance of zsh, even when it is a subshell where you've set other variables. If zsh is your login shell and you want to use it to set variables only for remote commands, use a guard: set some variable in ~/.profile
, such as MY_ENVIRONMENT_HAS_BEEN_SET=yes
, and check this guard before reading ~/.profile
.
if [[ -z $MY_ENVIRONMENT_HAS_BEEN_SET ]]; then emulate sh -c '~/.profile'; fi
The case of graphical logins
Many distributions, display managers and desktop environments arrange to run ~/.profile
, either by explicitly sourcing it from the startup scripts or by running a login shell.
Unfortunately, there is no general method to handle distro/DM/DE combinations where ~/.profile
is not read.
If you use a traditional session started by ~/.xsession
, this is the place where you should set your environment variables; do it by sourcing ~/.profile
(i.e. . ~/.profile
). Note that in some setups, the desktop environment startup scripts will source ~/.profile
again.
You can't have several users with the same UID. If they have the same UID, then they're the same user.
What you have is multiple entries in the user database for the same user. That's possible in all unix variants I've seen. The user name determines which entry is used and thus which password, home directory and shell applies at login time. The first entry determines what id-based lookups to the user database will return. Some applications look up the user database by name (using perhaps $USER
), others by UID; if they use the UID, then they'll get the first entry and you can't do anything about it.
This is a cute setup, but it's one of these cute but mostly useless things. It's unusual: if you have any fellow administrator, they won't thank you for it; many applications won't bother to cover this case and may behave suboptimally (e.g. depend on your $LOGNAME
for some functionality, resulting in using different data depending on what user name you logged in as). It's also error-prone: you need to use root access to create the second entry, you need to remember to edit both entries in passwd
or shadow
(e.g. to change your password, which will require root access unlike normal passwd
invocation). You should do that only if you have a very good reason.
If all you wanted was to have the same username for SSH, then the way everybody else does it is with aliases in .ssh/config
. That's what they're for. It's simpler to set up, doesn't require more privileges, and doesn't set up an unusual and potentially confusing configuration.
One useful use of multiple entries for the same user is a rescue user when things go wrong. For example, a toor
account (traditional name) whose shell is a statically-linked binary, which you use only for system repair.
Best Answer
The quickest way is to set up a NIS server and install and configure ypbind to use it. Put the user accounts there. Then configure the /etc/nssswitch.conf on every machine to use the nis service for passwd and group.