Secure Shell
Fixing $PATH programmatically for non-interactive SSH Mar 26 2010 03:01PM
RĂ©mi PALANCHER (remi palancher inria fr) (2 replies)
Re: Fixing $PATH programmatically for non-interactive SSH Mar 26 2010 04:22PM
Charles Bradshaw (brad bradcan homelinux com)
Re: Fixing $PATH programmatically for non-interactive SSH Mar 26 2010 04:18PM
Greg Wooledge (wooledg eeg ccf org)
On Fri, Mar 26, 2010 at 04:01:53PM +0100, Rémi PALANCHER wrote:
> I'm using Debian Lenny with , and currently I have :

> I would like to add /myowndir to the $PATH for remote command
> execution, as well as for remote login shells.

One way is to put the PATH=... command in ~/.ssh/environment and then
make sure PermitUserEnvironment is set to yes in the sshd_config.

> As far I've investigated, $PATH is fixed by /etc/profile for interactive
> connection. But unfortunately, for remote command execution, this script
> is not executed.

That's correct.

> I would like to add this dir to $PATH for all users except the famous
> one with uid 0. So, I guess I can't use those basics key/value files
> such as /etc/environment

That's a Debianism, or at least a Linuxism. It's a configuration file
that's read by PAM (when readenv=1 appears in the matching PAM config file
entry). You -could- use that, in theory, but it's not a shell script.
So you can't do things like PATH=$PATH:/myowndir but rather, you have
to type out the entire PATH=/foo:/bar:/myowndir value. It's pretty bad.

(I once wanted to use it to set MAIL=$HOME/Maildir/ globally, but you
simply can't do that with it. I gave up. It's nigh useless.)

> or ~/.ssh/environment.

This is the appropriate place, as far as I can tell.

> Is there any simple way to deal with such constraints in OpenSSH?
> Intuitively, I was thinking of well-thought combination of 'UsePAM yes'
> and modules in /etc/pam.d/sshd?

Debian's sshd_config has "UsePAM yes" by default. So, if you do decide
to go with the /etc/environment thing, it ought to work, as far as I know.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus