running as apache user does not work, why?
Zdenek Wagner
zdenek.wagner at gmail.com
Fri Aug 16 09:59:32 CEST 2019
On Fri, 16 Aug 2019 at 1:42, Reinhard Kotucha
<reinhard.kotucha at web.de> wrote:
>
> On 2019-08-16 at 00:43:49 +0200, Zdenek Wagner wrote:
>
> > remember, that "apache" is not a normal user. Unless you have
> > modified /etc/passwd, it has no login shell. It will not read
> > settings in shell startup files used by normal users and root,
> > hence it tries to use the TeX distribution from Fedora packages,
> > not TeX Live from TUG, as you can see from the paths. In addition,
> > it is not sufficient to define environment variables in such a way
> > that sudo will know about them. When you later try to run TeX from
> > a script invoked by the Apache server, they will not work unless
> > you define them in your config file by SetEnv or PassEnv
> > directives. It is better not to run TeX directly but use a script
> > which will define the necessary variables including PATH and then
> > call TeX.
>
> For security reasons I wouldn't run any program except Apache itself
> as user apache. The restrictions are on purpose. Security is the
> most important thing when running a web server and I don't see any
> reason why one wants to run TeX as user apache at all.
>
Yes, security is the key point but there are cases when it is useful.
Consider services such as TeXonWeb, https://tex.mendelu.cz/new/
Sometimes I need pretty printed output in PDF. I often prepare
invoices by LaTeX. In such a case I do not allow full user input, I
take only a limited number of form entries and verify them before
feeding them to LaTeX. In addition, I do not allow lua and do not
allow \write16. In order not to lock the whole process I run it via my
own Expect script which is available from here:
https://github.com/TeX-Live/tltesting/tree/master/tools
Zdeněk Wagner
http://ttsm.icpf.cas.cz/team/wagner.shtml
http://icebearsoft.euweb.cz
> Regards,
> Reinhard
>
> --
> ------------------------------------------------------------------
> Reinhard Kotucha Phone: +49-511-3373112
> Marschnerstr. 25
> D-30167 Hannover mailto:reinhard.kotucha at web.de
> ------------------------------------------------------------------
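
An added example, not code from this thread or from the tltesting repository: one way a wrapper called by the web server could combine the points above (an explicit PATH instead of shell startup files, a small set of verified form entries, a non-Lua engine, and a run that cannot hang waiting for input). The TeX Live path, field names and patterns are assumptions, and a subprocess timeout stands in for the Expect script.

```python
import re
import subprocess

# Assumed location of the TeX Live binaries from TUG; adjust to the real tree.
TEXLIVE_BIN = "/usr/local/texlive/2019/bin/x86_64-linux"

# Allowlist per form field (hypothetical invoice fields); anything else is rejected.
FIELD_RULES = {
    "customer": re.compile(r"[A-Za-z0-9 .,'&-]{1,80}"),
    "invoice_no": re.compile(r"[0-9]{1,10}"),
    "amount": re.compile(r"[0-9]{1,9}(\.[0-9]{2})?"),
}
# TeX specials escaped after allowlisting; backslash and braces never pass the rules.
TEX_ESCAPES = {"&": r"\&", "%": r"\%", "$": r"\$", "#": r"\#", "_": r"\_"}


def clean_fields(form):
    """Return TeX-safe values, or raise ValueError on any unexpected input."""
    if set(form) != set(FIELD_RULES):
        raise ValueError("unexpected or missing form fields")
    safe = {}
    for name, rule in FIELD_RULES.items():
        if not rule.fullmatch(form[name]):
            raise ValueError("rejected field: " + name)
        safe[name] = "".join(TEX_ESCAPES.get(c, c) for c in form[name])
    return safe


def tex_environment():
    """Explicit environment: the apache user reads no shell startup files."""
    return {
        "PATH": TEXLIVE_BIN + ":/usr/bin:/bin",
        "openout_any": "p",  # paranoid: no dotfiles, parent dirs or outside absolute paths
    }


def tex_command(texfile="invoice.tex"):
    """pdflatex (no Lua engine), shell escape off, never prompts for input."""
    return [TEXLIVE_BIN + "/pdflatex", "-no-shell-escape",
            "-interaction=nonstopmode", "-halt-on-error", texfile]


def run_tex(jobdir, timeout=30):
    """Run inside jobdir with the fixed environment; a hung run is killed at timeout."""
    return subprocess.run(tex_command(), cwd=jobdir, env=tex_environment(),
                          timeout=timeout, stdin=subprocess.DEVNULL,
                          capture_output=True, check=True)
```

The caller writes the values returned by clean_fields() into the .tex file in a per-request job directory and then calls run_tex() on that directory.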