Why is www's $PATH only /usr/bin:/bin?

Valeri Galtsev galtsev at kicp.uchicago.edu
Tue Apr 26 21:16:04 UTC 2016

On Tue, April 26, 2016 2:40 pm, Niklaas Baudet von Gersdorff wrote:
> Hi,
> I figured that www's $PATH is only /usr/bin:/bin. Why is that if
> /etc/login.conf says the following?
>     default:\
>     --------8<--------
>         :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin
> /usr/local/bin ~/bin:\
>     --------8<--------
> /etc/passwd looks like this.
>     www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
> So, I left everything the default.
> The thing is that I want to run something in /usr/local/bin with PHP's
>     shell_exec($cmd);
> but that's not working because it's not in $PATH.

You can have $cmd containing full absolute path to the command bewith
leading slash, say:


then it should work (unless daemon runs chrooted, then you need to have
copied of all these in chrooted environment). Having daemons exposed to
external world able access as minimum of things as necessary would be a
good security practice.


> Any hint is very much appreciated.
>     Niklaas
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

More information about the freebsd-questions mailing list