Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PATH environment variable is truncated at service scripts does anybody know why?

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 365 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hayati
      last edited by

      Hi,

      When I run:

      echo $PATH

      on command line I get PATH environment variable which contains:

      /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin

      but when starting a service from the command line using service command (I put an echo $PATH to the the service script, just after shebang and before any command) like following:

      service openvpn onestart

      the openvpn service is starting with a truncated list of PATH variable as below:

      /sbin:/bin:/usr/sbin:/usr/bin

      which is obviously truncated. This is not happening with FreeBSD 11.x.

      Can anybody help me why is this happening?

      Thanks

      1 Reply Last reply Reply Quote 0
      • H
        hayati
        last edited by

        It turns out that

        /usr/sbin/service

        is overriding PATH environment variable before starting/stopping related service.

        But I have not found out yet why the same package and service could be started on freebsd without any error but not on pfsense.

        I'll make an update for the latter issue.

        Thanks

        1 Reply Last reply Reply Quote 0
        • K
          kpa
          last edited by

          Security reasons. Any script run like that should never have anything more than the trusted directories in its $PATH and those are by convention /sbin:/bin:/usr/sbin:/usr/bin. This means that when writing scripts the scripts should use full paths to executables located outside the trusted $PATH.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.