Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-7085: How is the PATH Variable Determined When Using Centrify SSH?

Centrify DirectControl ,  

18 July,16 at 09:22 PM

Applies to:
  
All Versions of Centrify Direct Control 
 
Question:
  
When a user logins into a UNIX or Linux platform using a SSH client, the PATH environment variable is set.  This article describes how the PATH variable is set by Centrify SSH daemon.
  
Answer:
  
When the Centrify sshd login begins the PATH variable is empty.   The sshd will not use the PATH value that is set in the initiating process.

Step 1)  If 'UseLogin' is disabled (as is default) in sshd_config, then sshd will do these steps in sequence:
  
a) On Solaris, the Centrify SSH daemon will source the PATH from /etc/default/login. This is not applicable on other platforms.

b) If PATH is now empty, then Centrify sshd will insert the value of the 'DefEnvPATH' into the PATH

c) If PATH is now empty,  then Centrify sshd will set PATH to the different hardcoded path values depending if the user is root or non-root.  
 
for root the path becomes:
/usr/share/centrifydc/sbin:/usr/share/centrifydc/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
  
for a non-root user, the path becomes: 
/usr/share/centrifydc/bin:/usr/local/bin:/bin:/usr/bin
        
Step 2)  Next if 'UsePam'  is enabled (as default) in sshd_config, Centrify sshd will get the PATH value set previously by PAM:
  
a) PAM will setup PATH using pam_env.so.  This step is platform specific.  For example, on Ubuntu, the pam_env.so may read /etc/environment for the value.  For the details on what pam_env.so does, please check pam_env manual page.
  
b) The PATH from PAM will overwrite the previously set PATH value  
   

c) It is also possible that another module in the sshd pam stack may set PATH internally.
  

 
Step 3) Then if 'PermitUserEnvironment' is enabled (disabled as default) and 'UseLogin' is disabled in sshd_config, the Centrify sshd will get the PATH from $HOME/.ssh/environment.  This PATH will overwrite the PATH previously setup.

Now the PATH is the one that is final for sshd and it is used to call the SHELL.
  

 
Step 4)  There is one final modification. When the SHELL is running, it (the shell) may modify PATH according to its rc settings.  Please see the system shell manual pages for details.
 
The final PATH that can be seen by the user in the shell is set by many different means including shell config, sshd config, user ssh-config, pam config, system config and the platform itself.

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.