PATH environment variable is truncated at service scripts does anybody know why?
-
Hi,
When I run:
echo $PATH
on command line I get PATH environment variable which contains:
/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
but when starting a service from the command line using service command (I put an echo $PATH to the the service script, just after shebang and before any command) like following:
service openvpn onestart
the openvpn service is starting with a truncated list of PATH variable as below:
/sbin:/bin:/usr/sbin:/usr/bin
which is obviously truncated. This is not happening with FreeBSD 11.x.
Can anybody help me why is this happening?
Thanks
-
It turns out that
/usr/sbin/service
is overriding PATH environment variable before starting/stopping related service.
But I have not found out yet why the same package and service could be started on freebsd without any error but not on pfsense.
I'll make an update for the latter issue.
Thanks
-
Security reasons. Any script run like that should never have anything more than the trusted directories in its $PATH and those are by convention /sbin:/bin:/usr/sbin:/usr/bin. This means that when writing scripts the scripts should use full paths to executables located outside the trusted $PATH.