Re: https://wiki.debian.org/DotFiles

[Max Nikulin <manikulin@gmail.com>]

On 20/04/2025 10:37, Greg Wooledge wrote:
> On Sun, Apr 20, 2025 at 10:32:37 +0700, Max Nikulin wrote:
> > P.S. DotFiles does not mention that PATH may be set through /etc/login.defs.
>
> I don't think this is true; it changed in Debian 10 when the shadow-utils
> suite was dropped in favor of util-linux.
>
> hobbit:~$ man login.defs
> [...]
> BUGS
>         Much of the functionality that used to be provided by the shadow
>         password suite is now handled by PAM. Thus, /etc/login.defs is no
>         longer used by passwd(1), or less used by login(1), and su(1). Please
>         refer to the corresponding PAM configuration files instead.

I have in mind your favorite complain concerning su without "-" and
"ALWAYS_SET_PATH yes" in /etc/default/su. This case ENV_SUPATH or 
ENV_PATH from /etc/login.defs (or from /etc/default/su) is used.

A more exotic case is PATH setting removed from /etc/profile. Then shell 
does not override PATH set by login(1) on VT.

Header of login.defs:

> # Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
> # If unspecified, some arbitrary (and possibly incorrect) value will
> # be assumed.  All other items are optional - if not specified then

As to PAM, in default Debian configuration no files read by pam_env.so 
set PATH.

I do not mind that other tools like sudo, setpriv, lightdm, ssh have 
their own settings or hardcoded values and they ignore login.defs.