# PHP _SERVER[“USER”] and _SERVER[“HOME”] appear from nowhere

## vklimovs

I run PHP via FastCGI with nginx web server on Gentoo. PHP is started by spawn-fcgi script from lighttpd, which is started run as a daemon using start-stop-daemon (all using provided init scripts). Among other things, spawn-fcgi startup script cleans-up environment, so that only PATH, PHP_FCGI_CHILDREN and PHP_FCGI_MAX_REQUESTS are left when PHP is started. The exact line that is used to start PHP after variable substitution looks like that

```

env -i PATH=/lib/rc/sbin:/lib/rc/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin PHP_FCGI_CHILDREN=5 PHP_FCGI_MAX_REQUESTS=500 /sbin/start-stop-daemon --start --pidfile /var/run/spawn-fcgi/php-1.pid --exec /usr/bin/spawn-fcgi --name /usr/bin/php-cgi -- -a 127.0.0.1 -p 9000 -P /var/run/spawn-fcgi/php-1.pid -u nobody -g nobody -- /usr/bin/php-cgi

```

However on my machine, additionally to those variables, in PHP _SERVER global I also see USER and HOME variables. Not only they are there, but they are also set to "root" and "/root" respectively, which is wrong as PHP is run as user "nobody" (confirmed using echo exec('whoami') :Wink: . What is wrong with my install? How can I get rid of those variables that should not be there?

As a weird addition to all that, on another machine that is amd64, with exact same package setup variables are correct! Only PATH, PHP_FCGI_CHILDREN, PHP_FCGI_MAX_REQUESTS are set, no HOME or USER.

----------

