path for user www

Paul Schmehl pschmehl_lists at
Mon Jun 15 14:58:06 UTC 2009

--On Monday, June 15, 2009 07:16:51 -0500 Pieter Donche 
<Pieter.Donche at> wrote:

> On Mon, 15 Jun 2009, Robert Huff wrote:
>> Pieter Donche writes:
>>>  How can one change the PATH for the user www ?
>>>  to include e.g. /usr/local/bin
>>>  In /etc/passwd the entry now is:
>>>  www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
>>       Start by reading the section 5 man page for "passwd".
>>       Could you provide a little more detail about what's breaking
>> and why you think this user's path is involved?
>>                               Robert Huff
> Some users on my system run scripts in their webpages. If they specify
> commands (e.g.) 'python',  it is not found, unless it is specified as
> '/usr/local/bin/python', since the Apache runs in an environment which
> has as PATH: (as can be seen from phpinfo() output)
> /sbin:/bin:/usr/sbin:/usr:bin
> only.
> How can one make the PATH that Apache httpd deamon will use
> be a different path?
> and where exaclty does it get /sbin:/bin:/usr/sbin:/usr:bin from
> in the first place?
> I could try specifying in /usr/local/sbin/apachectl 's Bourne shell script:
> PATH=/sbin:/bin:/usr/sbin:/usr:bin:/usr/local/sbin:/usr/local/bin
> export PATH
> but wouldn't this be set back to the original at an Apache update?
> root has a better path:
> PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:
> /root/bin
> how could I have httpd have the same path?

Why would you want to?  You'd open yourself up to all sorts of potential 
compromise paths.  There's a reason why root's path is different from normal 

Instead of doing that, consider creating jails.  Or create a symlink to only 
those binaries that they need to run their scripts to a location that www 
already has in its path.

Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
Check the headers before clicking on Reply.

More information about the freebsd-questions mailing list