Date:      Thu, 28 Apr 2016 11:40:02 +0200
From:      Niklaas Baudet von Gersdorff <stdin@niklaas.eu>
To:        freebsd-questions@freebsd.org
Subject:   Re: Why is www's $PATH only /usr/bin:/bin?
Message-ID:  <20160428094002.GA43096@box-fra-01.niklaas.eu>
In-Reply-To: <CAKoxK%2B41i=viH9qy-KrnwoioRXwv7U2FYNtP8B-AQW-RmVc_6w@mail.gmail.com> <20160427082142.fd56427e6b96fb6fb2b29035@sohara.org> <20160427133304.319a997b@gumby.homeunix.com> <20160427120704.GA77440@becker.bs.l>

Thanks for all the replies and explanations.

Bertram Scharpf [2016-04-27 14:07 +0200] :

> On Tuesday, 26. Apr 2016, 21:40:48 +0200, Niklaas Baudet von Gersdorff wrote:
> I recommend to include a line into your Apache configuration
> (or whichever HTTP server you use) like
>
>   SetEnv PATH /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

I use NGINX but there should be some way to do that there too.

RW via freebsd-questions [2016-04-27 13:33 +0100] :

> On Wed, 27 Apr 2016 14:07:04 +0200
> Bertram Scharpf wrote:
>
>
> > I wondered as well about this behaviour sometimes. The
> > default path from login.conf will be set at login. Yet, the
> > www daemon is started from rc and this is not understood to
> > be a login. The perverse thing is that when you do a
> > "/usr/local/etc/rc.d/apache24 restart" from the command
> > line, then the PATH variable will contain the value you
> > expect.
>
> Avoiding that is one of the reasons why service(8) exists.

Thanks for pointing that out. I did not know that either.

Steve O'Hara-Smith [2016-04-27 08:21 +0100] :

> On Tue, 26 Apr 2016 21:40:48 +0200
> Niklaas Baudet von Gersdorff <stdin@niklaas.eu> wrote:
>
> > Hi,
> >
> > I figured that www's $PATH is only /usr/bin:/bin. Why is that if
> > /etc/login.conf says the following?
> >
> >     default:\
> >     --------8<--------
> >         :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
> >     --------8<--------
>
> 	I assume you mean this is the path available to CGI or similar
> running under a web server. If so then the reason for the discrepancy is at
> least in part that user www never logged in ...
>
> > /etc/passwd looks like this.
> >=20
> >     www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
>
> 	... and indeed cannot log in so the login.conf is not going to
> apply. It is also possible (indeed likely) that the web server deliberately
> minimises the path passed to CGI scripts for security.

Makes sense. Thank you for the explanation! I was not aware of that.

> > So, I left everything the default.
> >
> > The thing is that I want to run something in /usr/local/bin with PHP's
> >
> >     shell_exec($cmd);
> >
> > but that's not working because it's not in $PATH.
> >
> > Any hint is very much appreciated.
>
> 	It should be possible to adjust the path seen by PHP in the PHP
> config.

I will try PHP's configuration first. If that's not possible, I'll go for the
configuration of NGINX.

Luca Ferrari [2016-04-27 10:22 +0200] :

> On Wed, Apr 27, 2016 at 9:21 AM, Steve O'Hara-Smith <steve@sohara.org> wrote:
> > On Tue, 26 Apr 2016 21:40:48 +0200
> >         ... and indeed cannot log in so the login.conf is not going to
> > apply. It is also possible (indeed likely) that the web server deliberately
> > minimises the path passed to CGI scripts for security.
>
> Exactly. You have to think that PATH can be changed by the running
> process, so there is no surprise that it is either expanded or shrunk.
>
> >> The thing is that I want to run something in /usr/local/bin with PHP's
> >>
> >>     shell_exec($cmd);
> >>
> >> but that's not working because it's not in $PATH.
>
> I would suggest to either add the path to the php config or to make a
> php function to build the absolute path for command based on your
> installation or some other condition. That would make the application
> portable.

In NGINX's configuration it's possible to change php.ini settings for
particular server processes. I'll go for that. If that's not possible I'll try
to spawn a separate php-fpm process that is configured the way I need it. And if
that's not possible I'll hardcode a function in PHP.

    Niklaas
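
The absolute-path approach suggested in the thread, as an added PHP example (not code from any poster): the command is resolved against a fixed list of directories instead of the `PATH` the web server hands down, and every argument is quoted before it reaches `shell_exec()`. The directory list and the names `TRUSTED_BIN_DIRS`, `resolve_command()` and `run_command()` are assumptions made for illustration.

```php
<?php
// Added example; names and the directory list are illustrative assumptions.
// Directories searched, in order, independent of the daemon's own PATH.
const TRUSTED_BIN_DIRS = ['/usr/local/bin', '/usr/bin', '/bin'];

// Map a bare command name to an absolute path inside a trusted directory.
function resolve_command(string $name, array $dirs = TRUSTED_BIN_DIRS): string
{
    // Bare names only: no slashes, whitespace or shell metacharacters.
    if (!preg_match('/\A[A-Za-z0-9._+-]+\z/', $name)) {
        throw new InvalidArgumentException("invalid command name: $name");
    }
    foreach ($dirs as $dir) {
        $candidate = $dir . '/' . $name;
        if (is_file($candidate) && is_executable($candidate)) {
            return $candidate;
        }
    }
    throw new RuntimeException("$name not found in trusted directories");
}

// Run a resolved command; each argument is quoted for /bin/sh.
function run_command(string $name, array $args = []): string
{
    $cmd = escapeshellarg(resolve_command($name));
    foreach ($args as $arg) {
        $cmd .= ' ' . escapeshellarg((string) $arg);
    }
    $out = shell_exec($cmd . ' 2>&1');
    return is_string($out) ? $out : '';
}

// Demo when run from the command line: print the PATH a child process
// inherits, then show that a name containing a slash is refused.
if (PHP_SAPI === 'cli') {
    echo 'child PATH: ', run_command('sh', ['-c', 'echo "$PATH"']);
    try {
        resolve_command('../tmp/tool');
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Called from a page served by the web server instead of the CLI, `run_command('sh', ['-c', 'echo "$PATH"'])` returns the reduced `PATH` the thread is about, while the resolved command still runs because it is invoked by absolute path.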


