Date: Thu, 28 Apr 2016 11:40:02 +0200 From: Niklaas Baudet von Gersdorff <stdin@niklaas.eu> To: freebsd-questions@freebsd.org Subject: Re: Why is www's $PATH only /usr/bin:/bin? Message-ID: <20160428094002.GA43096@box-fra-01.niklaas.eu> In-Reply-To: <CAKoxK%2B41i=viH9qy-KrnwoioRXwv7U2FYNtP8B-AQW-RmVc_6w@mail.gmail.com> <20160427082142.fd56427e6b96fb6fb2b29035@sohara.org> <20160427133304.319a997b@gumby.homeunix.com> <20160427120704.GA77440@becker.bs.l>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for all the replies and explanations. Bertram Scharpf [2016-04-27 14:07 +0200] : > On Tuesday, 26. Apr 2016, 21:40:48 +0200, Niklaas Baudet von Gersdorff wr= ote: > I recommend to include a line into your Apache configuration > (or whichever HTTP server you use) like >=20 > SetEnv PATH /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin I use NGINX but there should be some way to do that there too. RW via freebsd-questions [2016-04-27 13:33 +0100] : > On Wed, 27 Apr 2016 14:07:04 +0200 > Bertram Scharpf wrote: >=20 >=20 > > I wondered as well about this behaviour sometimes. The > > default path from login.conf will be set at login. Yet, the > > www daemon is started from rc and this is not understood to > > be a login. The perverse thing is that when you do a > > "/usr/local/etc/rc.d/apache24 restart" from the command > > line, then the PATH variable will contain the value you > > expect. >=20 > Avoiding that is one of the reasons why service(8) exists. Thanks for pointing that out. I did not know that either. Steve O'Hara-Smith [2016-04-27 08:21 +0100] : > On Tue, 26 Apr 2016 21:40:48 +0200 > Niklaas Baudet von Gersdorff <stdin@niklaas.eu> wrote: >=20 > > Hi, > >=20 > > I figured that www's $PATH is only /usr/bin:/bin. Why is that if > > /etc/login.conf says the following? > >=20 > > default:\ > > --------8<-------- > > :path=3D/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbi= n /usr/local/bin > > ~/bin:\ > > --------8<-------- >=20 > I assume you mean this is the path available to CGI or similar > running under a web server. If so then the reason for the discrepancy is = at > least in part that user www never logged in ... >=20 > > /etc/passwd looks like this. > >=20 > > www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin >=20 > ... and indeed cannot log in so the login.conf is not going to > apply. It is also possible (indeed likely) that the web server deliberate= ly > minimises the path passed to CGI scripts for security. Makes sense. Thank you for the explanation! I was not aware of that. > > So, I left everything the default. > >=20 > > The thing is that I want to run something in /usr/local/bin with PHP's > >=20 > > shell_exec($cmd); > >=20 > > but that's not working because it's not in $PATH. > >=20 > > Any hint is very much appreciated. >=20 > It should be possible to adjust the path seen by PHP in the PHP > config. I will try PHP's configuration first. If that's not possible, I'll go for t= he configuration of NGINX. Luca Ferrari [2016-04-27 10:22 +0200] : > On Wed, Apr 27, 2016 at 9:21 AM, Steve O'Hara-Smith <steve@sohara.org> wr= ote: > > On Tue, 26 Apr 2016 21:40:48 +0200 > > ... and indeed cannot log in so the login.conf is not going to > > apply. It is also possible (indeed likely) that the web server delibera= tely > > minimises the path passed to CGI scripts for security. >=20 > Exactly. You have to think that PATH can be changed by the running > process, so there is no surprise that is either expanded or shrinked. >=20 > >> The thing is that I want to run something in /usr/local/bin with PHP's > >> > >> shell_exec($cmd); > >> > >> but that's not working because it's not in $PATH. >=20 > I would suggest to either add the path to the php config or to make a > php function to build the absolute path for command based on your > installation or some other condition. That would make the application > portable. In NGINX's configuration it's possible to change php.ini settings for particular server processes. I'll go for that. If that's not possible I'll = try to spawn a separate php-fpm process that configured the way I need it. And = if that's not possible I'll hardcode a function in PHP. =20 Niklaas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160428094002.GA43096>