PATH HOWTO: Network servers

Topics:

All Pages 8021X HOWTO ACP Modem ACPI HOWTO ADSL Bandwidth Man..ATA RAID HOWTO ATM Linux HOWTO AX25 HOWTO Accessibility Dev ..Accessibility HOWTO Adv Bash Scr HOWTO Adv Routing HOWTO Antares RAID sparc..Apache Compile HOWTO Apache WebDAV LDAP..Assembly HOWTO Astronomy HOWTO Athlon Powersaving..Authentication Gat..Autodir HOWTO Aviation HOWTO Avr Microcontrolle..BRIDGE STP HOWTO BTTV BackspaceDelete Bandwidth Limiting..Bangla HOWTO Bash Prompt HOWTO Battery Powered Belarusian HOWTO Belgian HOWTO Beowulf HOWTO Boca BogoMips Bootdisk HOWTO Bridge C++ dlopen C C++Beautifier HO..C editing with VIM..CDROM HOWTO CDServer HOWTO Cable Modem Caudium HOWTO Clone HOWTO Compaq Remote Insi..Compaq T1500 HOWTO Conexant+Rockwell ..Cryptoloop HOWTO DB2 HOWTO DHCP DSL HOWTO DVD Playback HOWTO Debian Binary Pack..Debian Jigdo Debian and Windows..Disk Encryption HO..Disk on Chip HOWTO DocBook Demystific..DocBook Install DocBook OpenJade S..Ecology HOWTO Emacspeak HOWTO Encourage Women Li..Encrypted Root Fil..Euro Char Support Event HOWTO Fedora Multimedia ..Finnish HOWTO Firewall Piercing Flash Memory HOWTO Font HOWTO Framebuffer HOWTO GCC HOWTO GIS GRASS Glibc Install HOWTO HOWTO HOWTO HOWTO INDEX HP HOWTO Handspring Visor Hard Disk Upgrade Hardware HOWTO HighQuality Apps H..Home Electrical Co..IBM7248 HOWTO IO Perf HOWTO IP Alias IP Masquerade HOWTO IRC Implement Sys Call..Indic Fonts HOWTO Infrared HOWTO IngresII HOWTO Install Strategies Installation HOWTO Installfest HOWTO Intkeyb Italian HOWTO Jabber Server Farm..JavaStation HOWTO Kerberos Infrastru..Kernel HOWTO Kerneld Kodak Digitalcam H..LDAP HOWTO LDP Reviewer HOWTO LILO crash rescue ..LVM HOWTO Leased Line Lego Linksys Blue Box R..Linux+Win95 Linux+Win9x+Grub H..Linux+Windows HOWTO Linux Complete Bac..Linux Crash HOWTO Linux Gamers HOWTO Linux Modem Sharing Linux Promise RAID..Linux i386 Boot Co..LinuxGL QuakeWorld..Lotus DominoR5 MILO HOWTO MMBase Inst HOWTO MP3 CD Burning Mail User HOWTO Majordomo MajorCoo..Man Page Masquerading Simpl..Medicine HOWTO MindTerm SSH HOWTO Mobile IPv6 HOWTO Mock Mainframe Module HOWTO Modules Motorola Surfboard..Mozilla Optimization Multi Distro Dev NCURSES Programmin..NFS HOWTO NFS Root Client mi..NIS HOWTO NetMeeting HOWTO Network boot HOWTO Nvidia OpenGL Conf..OLSR IPv6 HOWTO Online Troubleshoo..Oracle 9i Fedora 3..PA RISC Linux Boot..PCTel MicroModem C..PHP Nuke HOWTO PPP HOWTO Pager PalmOS HOWTO Partition Partition Mass Sto..Partition Mass Sto..Partition Rescue Pine Exchange PortSlave Post Installation ..Postfix Cyrus Web ..Pre Installation C..Print2Win Printing HOWTO Process Accounting Program Library HO..Proxy ARP Subnet Qmail ClamAV HOWTO Qmail VMailMgr Cou..Querying libiptc H..RPM HOWTO Reading List HOWTO RedHat CD HOWTO Reliance HOWTO Remote Bridging Remote Serial Cons..SCSI 2.4 HOWTO SCSI Generic HOWTO SLIP PPP Emulator SRM HOWTO SSL Certificates H..Scanner HOWTO Scientific Computi..Scripting GUI TclTk Secure CVS Pserver Secure Programs HO..Security HOWTO Security Quickstar..Security Quickstar..Serial Laplink HOWTO Serial Programming..Slovak HOWTO Small Memory Smart Card HOWTO Software Proj Mgmt..Software Release P..Sound HOWTO Spam Filtering for..Speech Recognition..SquashFS HOWTO Sybase ASA HOWTO Sybase ASE HOWTO Sybase PHP Apache TCP Keepalive HOWTO Tamil Linux HOWTO TimePrecision HOWTO TimeSys Linux Inst..Token Ring Traffic Control HO..Traffic Control tc..UPS HOWTO Unix Hardware Buye..Unix and Internet ..Upgrade Usenet News HOWTO User Authenticatio..VB6 to Tcl VMS to Linux HOWTO VPN HOWTO Valgrind HOWTO VideoLAN HOWTO Vim HOWTO Virtual Web Webcam HOWTO WikiText HOWTO Windows Newsreader..Wireless Link sys ..Wireless Sync HOWTO XDM Xterm XDMCP HOWTO XFree Local multi ..XFree86 HOWTO XFree86 R200 XFree86 Second Mouse XFree86 Video Timi..XML RPC HOWTO XWindow Overview H..XWindow User HOWTO Xinerama HOWTO Xterminals Html single I810 HOWTO Libdc1394 HOWTO OpenMosix HOWTO Phhttpd HOWTO Ppp ssh Text

Next Previous Contents

8. Network servers

Most network servers should not invoke subprocesses of any kind. For security reasons, their path should be minimal.

An important exception is all the services that allow logging in to the system from network. This section describes what is the environment in these cases. If the command is executed in the remote machine with rsh it gets different path than if it is executed with ssh. Similarly, logging in with rlogin, Telnet or ssh is different.

8.1 inetd

Most network servers do not have process of their own waiting for requests all the time. This work is delegated to an Internet super server called inetd. Inetd listens for all the defined network ports and starts the appropriate server when there is an incoming request. This behaviour is defined in /etc/inetd.conf. .:: cloutapps.com ::.

inetd is started from system startup scripts. It inherits just path of init process. It does not modify it and all the servers started from inetd has init path. An example of such a server is imapd, the server of IMAP post office protocol.

Other examples of inetd processes are telnetd, rlogind, talkd, ftp, popd, many http servers and so on. .:: acebetnation.co.uk ::.

Often usage of inetd is still complicated by using a separate tcpd program to start the real server. It is a program that makes additional security checks before starting the real application. It does not affect the path (not verified).

8.2 rsh

rsh daemon sets the path from _PATH_DEFPATH (/usr/include/paths.h) that is the same path that login program uses for normal users. Root will get the same path than the normal user. .:: ncnews.co ::.

Actually, rshd executes the command it gets with the command line: [Academic results for SMTP]


shell -c command-line

and shell is not a login shell. It is desirable that all the shells mentioned in /etc/passwd support -c option to give on the command line. .:: www.pdc.edu ::.

8.3 rlogin

Rlogin is invokes login to make the real login procedure. If you login with rlogin, you get the same path than in login. Most other ways to log in to a Linux computer do not use login. Note the difference with rsh.

The login command actually used is


login -p -h host-name user-name

-p preserves the environment except the variables HOME, PATH, SHELL, TERM, MAIL and LOGNAME. -h tells the remote host name for logging.

8.4 telnet

Telnet is similar than rlogin. It uses the login program and the command line to invoke it in a similar way.

8.5 ssh

ssh has a path setting of it's own. It has a fixed path where it adds the directory where ssh is. Often this means that /usr/bin is in the path twice: [Distributed computing Community]


/usr/local/bin:/usr/bin:/bin:.:/usr/bin

The path does not contain /usr/X11/bin and shell invoked by ssh command is not a login shell. Thus


ssh remotehost xterm

never works and anything in /etc/profile or /etc/csh.cshrc can change this. You must always use explicit path /usr/bin/X11/xterm.

ssh searches environment variables of form VAR=VALUE from file /etc/environment. Unfortunately this causes some problems with XFree86.

Next Previous Contents