From owner-freebsd-questions@freebsd.org Thu Apr 28 09:40:10 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E5769B1E335 for ; Thu, 28 Apr 2016 09:40:10 +0000 (UTC) (envelope-from stdin@niklaas.eu) Received: from box-fra-01.niklaas.eu (box-fra-01.niklaas.eu [46.165.253.68]) by mx1.freebsd.org (Postfix) with ESMTP id 75FDC13A8 for ; Thu, 28 Apr 2016 09:40:10 +0000 (UTC) (envelope-from stdin@niklaas.eu) Received: by box-fra-01.niklaas.eu (Postfix, from userid 1001) id 3FB9261FB2; Thu, 28 Apr 2016 11:40:02 +0200 (CEST) Date: Thu, 28 Apr 2016 11:40:02 +0200 From: Niklaas Baudet von Gersdorff To: freebsd-questions@freebsd.org Subject: Re: Why is www's $PATH only /usr/bin:/bin? Message-ID: <20160428094002.GA43096@box-fra-01.niklaas.eu> Mail-Followup-To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <20160427082142.fd56427e6b96fb6fb2b29035@sohara.org> <20160427133304.319a997b@gumby.homeunix.com> <20160427120704.GA77440@becker.bs.l> User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2016 09:40:11 -0000 Thanks for all the replies and explanations. Bertram Scharpf [2016-04-27 14:07 +0200] : > On Tuesday, 26. Apr 2016, 21:40:48 +0200, Niklaas Baudet von Gersdorff wr= ote: > I recommend to include a line into your Apache configuration > (or whichever HTTP server you use) like >=20 > SetEnv PATH /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin I use NGINX but there should be some way to do that there too. RW via freebsd-questions [2016-04-27 13:33 +0100] : > On Wed, 27 Apr 2016 14:07:04 +0200 > Bertram Scharpf wrote: >=20 >=20 > > I wondered as well about this behaviour sometimes. The > > default path from login.conf will be set at login. Yet, the > > www daemon is started from rc and this is not understood to > > be a login. The perverse thing is that when you do a > > "/usr/local/etc/rc.d/apache24 restart" from the command > > line, then the PATH variable will contain the value you > > expect. >=20 > Avoiding that is one of the reasons why service(8) exists. Thanks for pointing that out. I did not know that either. Steve O'Hara-Smith [2016-04-27 08:21 +0100] : > On Tue, 26 Apr 2016 21:40:48 +0200 > Niklaas Baudet von Gersdorff wrote: >=20 > > Hi, > >=20 > > I figured that www's $PATH is only /usr/bin:/bin. Why is that if > > /etc/login.conf says the following? > >=20 > > default:\ > > --------8<-------- > > :path=3D/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbi= n /usr/local/bin > > ~/bin:\ > > --------8<-------- >=20 > I assume you mean this is the path available to CGI or similar > running under a web server. If so then the reason for the discrepancy is = at > least in part that user www never logged in ... >=20 > > /etc/passwd looks like this. > >=20 > > www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin >=20 > ... and indeed cannot log in so the login.conf is not going to > apply. It is also possible (indeed likely) that the web server deliberate= ly > minimises the path passed to CGI scripts for security. Makes sense. Thank you for the explanation! I was not aware of that. > > So, I left everything the default. > >=20 > > The thing is that I want to run something in /usr/local/bin with PHP's > >=20 > > shell_exec($cmd); > >=20 > > but that's not working because it's not in $PATH. > >=20 > > Any hint is very much appreciated. >=20 > It should be possible to adjust the path seen by PHP in the PHP > config. I will try PHP's configuration first. If that's not possible, I'll go for t= he configuration of NGINX. Luca Ferrari [2016-04-27 10:22 +0200] : > On Wed, Apr 27, 2016 at 9:21 AM, Steve O'Hara-Smith wr= ote: > > On Tue, 26 Apr 2016 21:40:48 +0200 > > ... and indeed cannot log in so the login.conf is not going to > > apply. It is also possible (indeed likely) that the web server delibera= tely > > minimises the path passed to CGI scripts for security. >=20 > Exactly. You have to think that PATH can be changed by the running > process, so there is no surprise that is either expanded or shrinked. >=20 > >> The thing is that I want to run something in /usr/local/bin with PHP's > >> > >> shell_exec($cmd); > >> > >> but that's not working because it's not in $PATH. >=20 > I would suggest to either add the path to the php config or to make a > php function to build the absolute path for command based on your > installation or some other condition. That would make the application > portable. In NGINX's configuration it's possible to change php.ini settings for particular server processes. I'll go for that. If that's not possible I'll = try to spawn a separate php-fpm process that configured the way I need it. And = if that's not possible I'll hardcode a function in PHP. =20 Niklaas