running as apache user does not work, why?

Zdenek Wagner zdenek.wagner at gmail.com
Fri Aug 16 09:59:32 CEST 2019


On Fri, 16 Aug 2019 at 1:42, Reinhard Kotucha
<reinhard.kotucha at web.de> wrote:
>
> On 2019-08-16 at 00:43:49 +0200, Zdenek Wagner wrote:
>
>  > remember, that "apache" is not a normal user. Unless you have
>  > modified /etc/passwd, it has no login shell. It will not read
>  > settings in shell startup files used by normal users and root,
>  > hence it tries to use the TeX distribution from Fedora packages,
>  > not TeX Live from TUG, as you can see from the paths. In addition,
>  > it is not sufficient to define environment variables in such a way
>  > that sudo will know about them.  When you later try to run TeX from
>  > a script invoked by the Apache server, they will not work unless
>  > you define them in your config file by SetEnv or PassEnv
>  > directives. It is better not to run TeX directly but use a script
>  > which will define the necessary variables including PATH and then
>  > call TeX.
>
> For security reasons I wouldn't run any program except Apache itself
> as user apache.  The restrictions are on purpose.  Security is the
> most important thing when running a web server and I don't see any
> reason why one wants to run TeX as user apache at all.
>
Yes, security is the key point but there are cases when it is useful.
Consider services such as TeXonWeb, https://tex.mendelu.cz/new/

Sometimes I need pretty printed output in PDF. I often prepare
invoices with LaTeX. In such a case I do not allow full user input, I
take only a limited number of form entries and verify them before
feeding them to LaTeX. In addition, I do not allow lua and do not
allow \write16. In order not to lock the whole process I run it via my
own Expect script which is available from here:
https://github.com/TeX-Live/tltesting/tree/master/tools

Zdeněk Wagner
http://ttsm.icpf.cas.cz/team/wagner.shtml
http://icebearsoft.euweb.cz

> Regards,
>   Reinhard
>
> --
> ------------------------------------------------------------------
> Reinhard Kotucha                            Phone: +49-511-3373112
> Marschnerstr. 25
> D-30167 Hannover                    mailto:reinhard.kotucha at web.de
> ------------------------------------------------------------------
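
The approach described in this message (a fixed set of verified form fields, an explicitly defined PATH, no Lua engine, no shell escape) can be sketched as follows. This is an added example, not part of the original message and not the Expect script linked in it; the field names, patterns and TeX Live path are assumptions. It uses `-interaction=nonstopmode` plus a timeout in place of Expect, and escapes LaTeX special characters as an extra step after validation.

```python
import re
import subprocess

# Assumed TeX Live install location; adjust to the local installation.
TEXLIVE_BIN = "/usr/local/texlive/2019/bin/x86_64-linux"

# Hypothetical invoice form: field name -> pattern the whole value must match.
FIELD_RULES = {
    "customer": re.compile(r"[\w .,&'-]{1,80}"),
    "invoice_no": re.compile(r"[0-9]{1,10}"),
    "amount": re.compile(r"[0-9]{1,9}(\.[0-9]{2})?"),
}

# Characters that are special to LaTeX and their literal replacements.
LATEX_ESCAPES = {
    "\\": r"\textbackslash{}", "{": r"\{", "}": r"\}", "$": r"\$",
    "&": r"\&", "#": r"\#", "%": r"\%", "_": r"\_",
    "^": r"\textasciicircum{}", "~": r"\textasciitilde{}",
}

def validate_fields(form):
    """Return the fields unchanged, or raise ValueError on anything unexpected."""
    if set(form) != set(FIELD_RULES):
        raise ValueError("unexpected or missing form fields")
    for name, rule in FIELD_RULES.items():
        if not rule.fullmatch(form[name]):
            raise ValueError("invalid value for " + name)
    return dict(form)

def latex_escape(text):
    """Escape every LaTeX special character in a single pass."""
    return "".join(LATEX_ESCAPES.get(ch, ch) for ch in text)

def tex_environment():
    """Explicit environment: nothing inherited from Apache or a login shell."""
    return {"PATH": TEXLIVE_BIN + ":/usr/bin:/bin", "LANG": "C"}

def tex_command(tex_file, out_dir):
    """pdflatex (not a Lua engine) by full path, shell escape off, no prompts."""
    return [TEXLIVE_BIN + "/pdflatex", "-no-shell-escape",
            "-interaction=nonstopmode", "-halt-on-error",
            "-output-directory=" + out_dir, tex_file]

def run_tex(tex_file, out_dir, timeout=30):
    """Run TeX with the fixed environment; the timeout stops a hung run."""
    return subprocess.run(tex_command(tex_file, out_dir), env=tex_environment(),
                          cwd=out_dir, timeout=timeout, capture_output=True)
```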


