I implemented a pluggable authentication module (PAM) called checkConnections.
I initially put this executable in /usr/local/sbin/ because Filesystem Hierarchy Standard says locally installed system tools go to this place. Thus the executable is used like this
session required pam_exec.so stdout /usr/local/sbin/checkConnections 10
This works fine but regular users are able to see this executable through tab-completion because /etc/environment adds /usr/local/sbin to PATH.
My goal is that my system administration tools shall not pollute regular users' views. They by default shall not see my system administration tools.
I was thinking to remove sbin folders from /etc/environment, but https://askubuntu.com/a/866169/703866 recommends against that.
At least you should not remove any of the important paths like /bin, /sbin, /usr/bin and /usr/sbin from it.
If I put checkConnections to somewhere else, I don't know what's the best or standard place.
Please advise.
