Can not see /usr/local/bin for some user
-
I have a problem: some pfsense users can not see all the filesystem folders… and I can not understand why.
I installed a standard pfsense in a x64 machine, I added squid package and external acl php script called by squid daemon with its user "proxy".
Squid cannot run a php script from squid because "php is not found". And here starts my odyssey.I tried to impersonate proxy user to understand what's wrong, I added /bin/sh shell to proxy user and I logged as proxy user with su proxy command. The answer is that via shell logon I could see /usr/local/bin/php and I could run my php scripts.
So I tryed to link an sh script to squid, the script was like this: ls -R / > /tmp/fstree.txt the answer is that the /usr/local/bin doesn't exists… :o
Therefore I'm absolutely sure that squid daemon can not see the /usr/local/bin folder but loggin with su proxy I can see it.
I tried to link /usr/local/bin/php to /bin/php with a soft link and now squid can run php scripts…This is solved, but some php extension can not find their file...
What I'm missing? Why by sheel I can see that folder and squid daemon (with the same user) can not see it?Thank you.
-
Seems that /usr/local is remapped to /usr/pbi/squid-amd64/local for squid process… is it correct?
-
My answer to use PHP scripts in squid external ACL is this:
ln -s /usr/local/bin/php /usr/pbi/squid-amd64/local/bin/php ln -s /usr/local/lib/php /usr/pbi/squid-amd64/local/lib/php ln -s /usr/local/etc/php.ini /usr/pbi/squid-amd64/local/etc/php.ini -
Sir, by creating these symlinks, you are on a sure way to hell. Stop working around PBI idiocy by causing more damage to your system.
-
I need a squid ACL to authenticate user by mysql database, my choices is: php, perl or java. The simplest seems to be php…
So what is you answer to avoid symlinks? -
Don't use Squid. Solved.
-
I solved using squid in a debian server :P