Page MenuHomeFreeBSD

Make a start at supporting login.conf environment settings
Needs ReviewPublic

Authored by andrew_tao173.riddles.org.uk on Sep 1 2019, 1:08 AM.

Details

Reviewers
jilles
dteske
Summary

There is currently no single place where environment variables can be set that are required by daemons and cron jobs in addition to logged-in users.

The most glaring issue with this is when setting up a system with no public connectivity other than an HTTP proxy, there is no single place that allows you to set the proxy address that is recognized by both the ntpd leapsecond file fetch (invoked from cron via "service ntpd onefetch" which clears the environment) and the package vulnerability database fetch (invoked from cron).

This patch proposes four substantive changes (and one largely cosmetic cleanup):

  1. init(8) sets the environment variables of the "daemon" class when running /etc/rc (and also those of "default" when running other processes).
  1. cron(8) sets the environment variables of the user and/or login class for which it is invoking a job, prior to processing environment variable settings in the crontab file.
  1. env(1) gets options -L user/class and -U user/class to set the environment of the specified user either from login.conf alone (-L) or both login.conf and ~/.login_conf if present (-U). This is to enable:
  1. service(8) sets the environment of the "daemon" class before invoking the rc script.
  1. The MAIL environment variable gets split out into a separate "mail" capability because things work more cleanly that way (easier to suppress it in the "daemon" class where it will not be properly expanded, for example).

This is a fairly early work in progress, in particular there is no documentation yet.

Test Plan

Open to suggestions about what specifically needs testing.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Lint Skipped
Unit
Unit Tests Skipped

Event Timeline

kevans added a subscriber: kevans.

Dropping in jilles@ and dteske@ to start... if memory serves they both might be interested in reviewing this.

I've been pondering whether limits(1) also needs an option to pick up the environment from the login class, or whether that's better addressed in rc.subr for the case of servicename_class="x" settings.

Further proposal (the patch doesn't do this yet): cron should not override PATH when reading a user crontab; whether it should use the user's path, or daemon's path, rather than the hardcoded default when processing the system crontab is a more open question.

kevans added inline comments.Sep 18 2019, 1:00 AM
usr.bin/env/env.c
72

This and all the following initialization should move out of the declaration block, down by altpath, per style(9)

95

Spaces around FALLTHROUGH

156

Blank line before multi-line comment, and comment should begin on line after starting comment marker in this file

andrew_tao173.riddles.org.uk marked 3 inline comments as done.Sun, Oct 6, 7:02 PM