From nobody Sat Sep 14 08:23:51 2024 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X5PNJ2L31z5WDrG for ; Sat, 14 Sep 2024 08:24:16 +0000 (UTC) (envelope-from freebsd@gushi.org) Received: from prime.gushi.org (prime.gushi.org [IPv6:2620:137:6000:10::142]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "prime.gushi.org", Issuer "RapidSSL TLS RSA CA G1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X5PNH1qKjz4mBt for ; Sat, 14 Sep 2024 08:24:15 +0000 (UTC) (envelope-from freebsd@gushi.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gushi.org header.s=prime2014 header.b=cUzmeMc6; dmarc=pass (policy=none) header.from=gushi.org; spf=pass (mx1.freebsd.org: domain of freebsd@gushi.org designates 2620:137:6000:10::142 as permitted sender) smtp.mailfrom=freebsd@gushi.org Received: from smtpclient.apple ([IPv6:2001:500:6b:200:8000:0:0:58]) (authenticated bits=0) by prime.gushi.org (8.17.2/8.17.2) with ESMTPSA id 48E8OBOt019390 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 14 Sep 2024 08:24:12 GMT (envelope-from freebsd@gushi.org) DKIM-Filter: OpenDKIM Filter v2.10.3 prime.gushi.org 48E8OBOt019390 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gushi.org; s=prime2014; t=1726302252; bh=voDHwQxWYa3vtXUJzpGyQAgNd8iLiLRcN5fGi9lFSLU=; h=From:Date:Subject:To; z=From:=20"Dan=20Mahoney=20(Ports)"=20|Date:=20S at,=2014=20Sep=202024=2001:23:51=20-0700|Subject:=20Just=20lost=20 a=20few=20hours=20playing=20with=20daemon(8)=20and=20trying=20to=2 0set=20a=20path=0D=0A=20in=20an=20rc.d=20script|To:=20questions=20 ; b=cUzmeMc6ZoHIMfg8vBFjS+dJT+LOO7slW6nBLLXoUnsgELLooiqBWuNrfammt7HnH 7yfGOrSQM+lK+QnQoyPgJ+7iMZy98+QyM6uw215HItjbOohRoXGnHW6wfcWBsXO8Hc gsa1wYC6zMVYAZY5Vzc9eHPCZZi4ScH3bQzvOn2MUBf44DhoVwBSvvxeYC/5WZS6O8 XyXppqylWI50DdZLpv8zgIMmgceaxS/qeP1F1m0IGDHRuKJuHU+TJrQfyTsDjsP7pS GDSNDW/rRQyN28jhIxlb/vnoiMDihUwQsCPJOgNMTIRkAALXNTk81bq29H8Zlcj1OG S99e0oXwUrNGw== X-Authentication-Warning: prime.gushi.org: Host [IPv6:2001:500:6b:200:8000:0:0:58] claimed to be smtpclient.apple From: "Dan Mahoney (Ports)" Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3818.100.11.1.3\)) Date: Sat, 14 Sep 2024 01:23:51 -0700 Subject: Just lost a few hours playing with daemon(8) and trying to set a path in an rc.d script Message-Id: <8E35B5EC-0C32-4783-B169-1600C5B003A7@gushi.org> To: questions X-Mailer: Apple Mail (2.3818.100.11.1.3) X-Spamd-Bar: ------ X-Spamd-Result: default: False [-6.10 / 15.00]; DWL_DNSWL_MED(-2.00)[gushi.org:dkim]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[gushi.org,none]; MV_CASE(0.50)[]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; RCVD_IN_DNSWL_MED(-0.20)[2620:137:6000:10::142:from]; R_DKIM_ALLOW(-0.20)[gushi.org:s=prime2014]; R_SPF_ALLOW(-0.20)[+mx]; ONCE_RECEIVED(0.10)[]; MIME_GOOD(-0.10)[text/plain]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[]; MLMMJ_DEST(0.00)[questions@freebsd.org]; ASN(0.00)[asn:393507, ipnet:2620:137:6000::/44, country:US]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[gushi.org:+]; ARC_NA(0.00)[]; HAS_XAW(0.00)[] X-Rspamd-Queue-Id: 4X5PNH1qKjz4mBt Hey there all, I=E2=80=99m answering my own question here, writing this in the hopes = that someone finds it in the future, in the archives. (xkcd.com/979 = is relevant) Dyjob have a service (etherpad lite) that we start from rc.d, using = daemon, but it runs as an unprivileged user and needs a special PATH = (because npm wants to install and update its own modules. I hate this, = but this is the reality). Setting export NODE_PATH=3D$HOME/.node/lib/node_modules:$NODE_PATH as = part of the rc.d script was no problem. It stuck, but for some reason, = the PATH was not being set. I tried setting PATH n the user=E2=80=99s home directories and login = files, no dice. I tried setting PATH as part of etherpadlite_env in the rc script, no = dice. I even tried explicitly setting the path as part of the = etherpadlite_start() subroutine in the rc script. A printenv showed it = existing, but when the actual daemon command ran, it was erased. =3D=3D=3D I almost missed this bit in daemon.c, thinking it=E2=80=99s just an = error check. No, this is where daemon does it. if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) !=3D 0) { errx(1, "failed to set user environment"); } Turns out, it=E2=80=99s our old and almost never used friend, the login = capabilities database well at work. I had to define a custom = .login_conf for this user and modify the path there, thusly: me:\ :path=3D~/.node/bin /sbin /bin /usr/sbin /usr/bin /usr/local/sbin = /usr/local/bin: =3D=3D=3D The manpage for daemon(8) is silent on this, saying only: -u, --user user Login name of the user to execute the program under. Environment variables HOME, USER, and SHELL are set accordingly. = Requires adequate superuser privileges. Adding a single line that *mentions* login.conf would have saved me a = ton of time here, but because it mentions only HOME, USER, and SHELL, = the assumption was that everything else would be preserved. -Dan