Why is www's $PATH only /usr/bin:/bin?
Niklaas Baudet von Gersdorff
stdin at niklaas.eu
Thu Apr 28 09:40:11 UTC 2016
Thanks for all the replies and explanations.
Bertram Scharpf [2016-04-27 14:07 +0200] :
> On Tuesday, 26. Apr 2016, 21:40:48 +0200, Niklaas Baudet von Gersdorff wrote:
> I recommend to include a line into your Apache configuration
> (or whichever HTTP server you use) like
>
> SetEnv PATH /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
I use NGINX but there should be some way to do that there too.
RW via freebsd-questions [2016-04-27 13:33 +0100] :
> On Wed, 27 Apr 2016 14:07:04 +0200
> Bertram Scharpf wrote:
>
>
> > I wondered as well about this behaviour sometimes. The
> > default path from login.conf will be set at login. Yet, the
> > www daemon is started from rc and this is not understood to
> > be a login. The perverse thing is that when you do a
> > "/usr/local/etc/rc.d/apache24 restart" from the command
> > line, then the PATH variable will contain the value you
> > expect.
>
> Avoiding that is one of the reasons why service(8) exists.
Thanks for pointing that out. I did not know that either.
Steve O'Hara-Smith [2016-04-27 08:21 +0100] :
> On Tue, 26 Apr 2016 21:40:48 +0200
> Niklaas Baudet von Gersdorff <stdin at niklaas.eu> wrote:
>
> > Hi,
> >
> > I figured that www's $PATH is only /usr/bin:/bin. Why is that if
> > /etc/login.conf says the following?
> >
> > default:\
> > --------8<--------
> > :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin
> > ~/bin:\
> > --------8<--------
>
> I assume you mean this is the path available to CGI or similar
> running under a web server. If so then the reason for the discrepancy is at
> least in part that user www never logged in ...
>
> > /etc/passwd looks like this.
> >
> > www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
>
> ... and indeed cannot log in so the login.conf is not going to
> apply. It is also possible (indeed likely) that the web server deliberately
> minimises the path passed to CGI scripts for security.
Makes sense. Thank you for the explanation! I was not aware of that.
> > So, I left everything the default.
> >
> > The thing is that I want to run something in /usr/local/bin with PHP's
> >
> > shell_exec($cmd);
> >
> > but that's not working because it's not in $PATH.
> >
> > Any hint is very much appreciated.
>
> It should be possible to adjust the path seen by PHP in the PHP
> config.
I will try PHP's configuration first. If that's not possible, I'll go for the
configuration of NGINX.
Luca Ferrari [2016-04-27 10:22 +0200] :
> On Wed, Apr 27, 2016 at 9:21 AM, Steve O'Hara-Smith <steve at sohara.org> wrote:
> > On Tue, 26 Apr 2016 21:40:48 +0200
> > ... and indeed cannot log in so the login.conf is not going to
> > apply. It is also possible (indeed likely) that the web server deliberately
> > minimises the path passed to CGI scripts for security.
>
> Exactly. You have to think that PATH can be changed by the running
> process, so there is no surprise that is either expanded or shrinked.
>
> >> The thing is that I want to run something in /usr/local/bin with PHP's
> >>
> >> shell_exec($cmd);
> >>
> >> but that's not working because it's not in $PATH.
>
> I would suggest to either add the path to the php config or to make a
> php function to build the absolute path for command based on your
> installation or some other condition. That would make the application
> portable.
In NGINX's configuration it's possible to change php.ini settings for
particular server processes. I'll go for that. If that's not possible I'll try
to spawn a separate php-fpm process that configured the way I need it. And if
that's not possible I'll hardcode a function in PHP.
Niklaas
More information about the freebsd-questions
mailing list