Make a start at supporting login.conf environment settings
AbandonedPublic
Actions

Authored by kevans on Sep 1 2019, 1:08 AM.

Details

Reviewers

jilles
dteske
andrew_tao173.riddles.org.uk

Group Reviewers

manpages

Summary

There is currently no single place where environment variables can be set that are required by daemons and cron jobs in addition to logged-in users.

The most glaring issue with this is when setting up a system with no public connectivity other than an HTTP proxy, there is no single place that allows you to set the proxy address that is recognized by both the ntpd leapsecond file fetch (invoked from cron via "service ntpd onefetch" which clears the environment) and the package vulnerability database fetch (invoked from cron).

This patch proposes four substantive changes (and one largely cosmetic cleanup):

init(8) sets the environment variables of the "daemon" class when running /etc/rc (and also those of "default" when running other processes).

cron(8) sets the environment variables of the user and/or login class for which it is invoking a job, prior to processing environment variable settings in the crontab file.

env(1) gets options -L user/class and -U user/class to set the environment of the specified user either from login.conf alone (-L) or both login.conf and ~/.login_conf if present (-U). This is to enable:

service(8) sets the environment of the "daemon" class before invoking the rc script.

The MAIL environment variable gets split out into a separate "mail" capability because things work more cleanly that way (easier to suppress it in the "daemon" class where it will not be properly expanded, for example).

This is a fairly early work in progress, in particular there is no documentation yet.

Test Plan

Open to suggestions about what specifically needs testing.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

andrew_tao173.riddles.org.uk created this revision.Sep 1 2019, 1:08 AM

Herald added subscribers: Contributor Reviews (src), imp. · View Herald TranscriptSep 1 2019, 1:08 AM

Dropping in jilles@ and dteske@ to start... if memory serves they both might be interested in reviewing this.

I've been pondering whether limits(1) also needs an option to pick up the environment from the login class, or whether that's better addressed in rc.subr for the case of servicename_class="x" settings.

Further proposal (the patch doesn't do this yet): cron should not override PATH when reading a user crontab; whether it should use the user's path, or daemon's path, rather than the hardcoded default when processing the system crontab is a more open question.

kevans added inline comments.Sep 18 2019, 1:00 AM

usr.bin/env/env.c
79	This and all the following initialization should move out of the declaration block, down by altpath, per style(9)
103	Spaces around FALLTHROUGH
167	Blank line before multi-line comment, and comment should begin on line after starting comment marker in this file

jamie_catflap.org added a subscriber: jamie_catflap.org.Oct 4 2019, 5:07 PM

Style fixes. Rebase.

andrew_tao173.riddles.org.uk marked 3 inline comments as done.Oct 6 2019, 7:02 PM

I'd like to start moving forward on this... this looks like a fine idea to me. I'll look at starting to commit it over the next week, likely broken up into the various logical changes you've outlined.

This revision is now accepted and ready to land.Jan 17 2020, 4:47 AM

env.1 manpage will need changes, want me to add those?

In D21481#509711, @andrew_tao173.riddles.org.uk wrote:

env.1 manpage will need changes, want me to add those?

Yes, please. =)

Rebase and add docs.

(In passing, the doc changes for env(1) also add -0 to the STANDARDS and HISTORY sections, since whoever added the option apparently failed to do that.)

This revision now requires review to proceed.Jan 19 2020, 7:41 AM

Herald added a reviewer: manpages. · View Herald TranscriptJan 19 2020, 7:41 AM

OK for the man page changes.

sigsys_gmail.com added a subscriber: sigsys_gmail.com.Feb 4 2020, 11:25 PM

This got brought up _again_ on IRC, but this time someone (sphex) came up with an actually interesting idea: what if there were a login.conf variable, e.g. cron.setpath, which if set caused cron(8) to respect the PATH from the login class if not overridden in the crontab file? This doesn't seem to hard to implement.

sigsys_gmail.com added inline comments.Feb 5 2020, 12:42 AM

usr.bin/login/login.conf
65	I think there should be a comment mentioning that both rc(8) and service(8) (and possibly cron(8) by default unless the new toggle is set) will override PATH with a default path (that doesn't include /usr/local/sbin and /usr/local/bin) when starting services. It's not new that they set their own PATH, but it could be unexpected that the PATH specified there gets overridden in certain circumstances when other environment variables do get set.

kevans mentioned this in rS357560: login.conf(5): split MAIL env var out into a "mail" capability.Feb 5 2020, 4:17 AM

kevans mentioned this in rS357561: login.conf(5): set a default PATH for the daemon class.Feb 5 2020, 4:27 AM

kevans mentioned this in rS357562: init(8): set environment variables from the "daemon" class as well.

kevans mentioned this in rS357563: env(1): grow -L user/class and -U user/class options.Feb 5 2020, 4:30 AM

kevans mentioned this in rS357564: service(8): set the environment of the "daemon" class before invoking.Feb 5 2020, 4:33 AM

kevans mentioned this in rS357565: cron(8): set the environment variables of the user and/or login class.Feb 5 2020, 4:36 AM

These should have all been committed -- because I didn't want to trigger a close with an incomplete diff, I did not put in the proper tag to close it. Please do close it out if you're satisfied via "Add Action" > "Close Revision" under the diff.

In D21481#516072, @kevans wrote:

These should have all been committed -- because I didn't want to trigger a close with an incomplete diff, I did not put in the proper tag to close it. Please do close it out if you're satisfied via "Add Action" > "Close Revision" under the diff.

The committed changes matched up cleanly with my local branch, so this is all good.

However, I don't see a "Close Revision" option, only "Abandon Revision" under "Revision Actions" (possibly reflecting my lack of status). If you have an option to close it out as committed, then please do use it.

kevans commandeered this revision.Feb 5 2020, 9:14 PM

kevans abandoned this revision.

kevans edited reviewers, added: andrew_tao173.riddles.org.uk; removed: kevans.

kevans mentioned this in rS357789: MFC r357560, r357707: login.conf(5) mail capability.Feb 12 2020, 2:04 AM

andrew_tao173.riddles.org.uk mentioned this in D25365: Early WIP: convert login.conf to UCL.Aug 10 2020, 7:41 AM

kevans mentioned this in rGf6512d13154a: init(8): set environment variables from the "daemon" class as well.Feb 4 2021, 3:15 AM

kevans mentioned this in rGf7ba064978f8: service(8): set the environment of the "daemon" class before invoking.

kevans mentioned this in rGd5461e9a792a: cron(8): set the environment variables of the user and/or login class.

kevans mentioned this in rGd6898bc06ae9: login.conf(5): set a default PATH for the daemon class.Feb 4 2021, 3:20 AM