On 20/04/2025 10:37, Greg Wooledge wrote:
On Sun, Apr 20, 2025 at 10:32:37 +0700, Max Nikulin wrote:
P.S. DotFiles does not mention that PATH may be set through /etc/login.defs.
I don't think this is true; it changed in Debian 10 when the shadow-utils
suite was dropped in favor of util-linux.
hobbit:~$ man login.defs
[...]
BUGS
Much of the functionality that used to be provided by the shadow
password suite is now handled by PAM. Thus, /etc/login.defs is no
longer used by passwd(1), or less used by login(1), and su(1). Please
refer to the corresponding PAM configuration files instead.
I have in mind your favorite complain concerning su without "-" and
"ALWAYS_SET_PATH yes" in /etc/default/su. This case ENV_SUPATH or
ENV_PATH from /etc/login.defs (or from /etc/default/su) is used.
A more exotic case is PATH setting removed from /etc/profile. Then shell
does not override PATH set by login(1) on VT.
Header of login.defs:
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
# If unspecified, some arbitrary (and possibly incorrect) value will
# be assumed. All other items are optional - if not specified then
As to PAM, in default Debian configuration no files read by pam_env.so
set PATH.
I do not mind that other tools like sudo, setpriv, lightdm, ssh have
their own settings or hardcoded values and they ignore login.defs.
