Search code examples
linuxsvnsshbsdosx-server

Why is $PATH set in sshrc not used?


I am trying to setup svn over ssh on an OS X server. In order to do so, I read that I need a wrapper to set umask and - in my case - to set the repository root. A quick and dirty way to do that is to rename /usr/bin/svnserve and place a wrapper script at that location. However SIP protects that location from any changes, and I would prefer a cleaner solution anyway.

So I created a wrapper script at /usr/local/bin/svnserve and created /etc/ssh/sshrc with

PATH=/usr/local/bin:$PATH

I have verified that this file gets executed when initiating a remote ssh command from my client by writing to a log file. However, the modified PATH does not seem to get passed to the command environment:

ssh hostname 'echo $PATH'
Password:
/usr/bin:/bin:/usr/sbin:/sbin

Am I overlooking something? Or is /etc/ssh/sshrc the wrong place to set a path? If so, what's the right place?


Other places I've tried: /etc/profile and /etc/bashrc, but none of these seem to get executed in connection with an ssh command.

Note: It is not an option to change the client behavior (like, for example, adding the desired path to the command).


Solution

  • /etc/sshrc does not run in the same shell instance with the remotely-issued command, so the PATH update does not persist through.

    Some of the available options:

    • You can set AcceptEnv PATH on the server to configure it to accept a PATH sent by the remote system, and SendEnv PATH on the client (in ~/.ssh/config, or as an argument to ssh passed with -o, or in /etc/ssh/ssh_config).
    • In /etc/ssh/sshd_config on the server, you can set the option PermitUserEnvironment to yes; with that done, the variable and value can be added to ~/.ssh/environment in the individual user's account on the server.
    • You can use ForceCommand to override the remotely requested command, either with something like /usr/bin/env PATH=/usr/local/bin:/usr/bin:/bin svnserve or simply /usr/local/bin/svnserve