path for user www
Paul Schmehl
pschmehl_lists at tx.rr.com
Mon Jun 15 14:58:06 UTC 2009
--On Monday, June 15, 2009 07:16:51 -0500 Pieter Donche
<Pieter.Donche at ua.ac.be> wrote:
>
> On Mon, 15 Jun 2009, Robert Huff wrote:
>
>>
>> Pieter Donche writes:
>>> How can one change the PATH for the user www ?
>>> to include e.g. /usr/local/bin
>>>
>>> In /etc/passwd the entry now is:
>>> www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
>>
>> Start by reading the section 5 man page for "passwd".
>> Could you provide a little more detail about what's breaking
>> and why you think this user's path is involved?
>> Robert Huff
>
> Some users on my system run scripts in their webpages. If they specify
> commands (e.g.) 'python', it is not found, unless it is specified as
> '/usr/local/bin/python', since the Apache runs in an environment which
> has as PATH: (as can be seen from phpinfo() output)
> /sbin:/bin:/usr/sbin:/usr:bin
> only.
>
> How can one make the PATH that the Apache httpd daemon will use
> be a different path?
> And where exactly does it get /sbin:/bin:/usr/sbin:/usr:bin from
> in the first place?
>
> I could try specifying in /usr/local/sbin/apachectl 's Bourne shell script:
> PATH=/sbin:/bin:/usr/sbin:/usr:bin:/usr/local/sbin:/usr/local/bin
> export PATH
>
> but wouldn't this be set back to the original at an Apache update?
>
> root has a better path:
> PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:
> /root/bin
>
> how could I have httpd have the same path?
Why would you want to? You'd open yourself up to all sorts of potential
compromise paths. There's a reason why root's path is different from normal
users.
Instead of doing that, consider creating jails. Or create a symlink to only
those binaries that they need to run their scripts to a location that www
already has in its path.
--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.
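
One way to carry out the symlink suggestion from the reply above, as an added example that is not part of the original thread. The function names and arguments are assumptions, and the checks cover only write permissions on the binary, its directory and the destination, not ownership.

```shell
#!/bin/sh
# Added example: symlink single tools into a directory the daemon already
# searches, after basic permission checks. All names here are assumptions.

# is_loose P: true if P (symlinks followed) is group- or world-writable.
is_loose() {
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# in_path DIR PATHSTRING: true if DIR is an entry of colon-separated PATHSTRING.
in_path() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# link_tool SRC DESTDIR DAEMON_PATH
# Creates DESTDIR/<basename SRC> -> SRC, or refuses with a non-zero status.
link_tool() {
    src=$1; destdir=$2; daemon_path=$3
    case "$src" in
        /*) ;;
        *) echo "refuse: $src is not an absolute path" >&2; return 1 ;;
    esac
    if [ ! -f "$src" ] || [ ! -x "$src" ]; then
        echo "refuse: $src is not an executable file" >&2; return 1
    fi
    if ! in_path "$destdir" "$daemon_path"; then
        echo "refuse: $destdir is not in the daemon's PATH" >&2; return 1
    fi
    # A writable binary or directory lets another account swap what gets run.
    for p in "$src" "$(dirname "$src")" "$destdir"; do
        if is_loose "$p"; then
            echo "refuse: $p is group- or world-writable" >&2; return 1
        fi
    done
    name=$(basename "$src")
    if [ -e "$destdir/$name" ] || [ -L "$destdir/$name" ]; then
        echo "refuse: $destdir/$name already exists" >&2; return 1
    fi
    ln -s "$src" "$destdir/$name"
}
```

Call it once per tool the scripts need, passing the PATH that phpinfo() reports for the server as the third argument, so nothing else under /usr/local/bin becomes reachable by bare name.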