Re: Re: run remote shell script

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Quoting Richard Lynch <ceo@xxxxxxxxx>:

> If 'www' can do it in a shell, then PHP, running as 'www' can usually do do it

www is a Limux system user on both svrA and svrB.
On svrA, Apache runs as user nobody. I mean, this is the httpd user, where we defined it in httpd.conf:
User nobody
Group nobody

My bad, I shud have use roger instead of www.

> //Do this:
> exec('ssh www@svrB /tmp/test.sh someDIR', $output, $error);
> if ($error) echo "OS Error: $error\n";
> echo implode("\n", $output);

I got this: OS Error: 255


> This will tell you what error messages, if any, you are getting.
> 
> Most likely what is happening is that the 'www' user in PHP does not
> have a true shell set up -- so 'www' has no "home" dir, so ssh does
> not find the keys you stuck in ~/.ssh/ so you need to do something
> like:
> 
> exec('ssh -i /home/www/.ssh www@svrB /tmp/test.sh someDIR', $output,
> $error);

In my case, user nobody (that Apache runs as in svrA), does not have a true shell setup. How do I create a private/public key for user nobody when I can't even login as user nobody (as it does not have a true shell) ?

What's my option ?

> Though why you have a 'www@svrA' user and then have 'nobody@svrA'
> running Apache/PHP is beyond my ken...

Sorry for the confusion.

> It's usually the PRIVATE key belonging to 'www@svrA' that you would
> have sitting in the .ssh directory for 'www@svrA' and then the PUBLIC
> half would be sitting in 'www@svrB' .ssh directory.

Yes, I did that. I logged in as user www in svrA and executed ssh-keygen -t rsa. I then copied id_rsa.pub to svrB and called it /home/www/.ssh/authorized_keys. As noted, user www are system users in svrA and svrB.

> I'd be real worried about the script that only 'root' can run...
> 
> Set up a new user on svrB that has permission to create the
> directories you need, and that's pretty much all that user can do.
> 
> Using 'root' access is just too much power.

I mean, I want to execute a command in svrB where only root can do so. Like 'shutdown' or something else.

Appreciate your advise. TIA

--
Roger


---------------------------------------------------
Sign Up for free Email at http://ureg.home.net.my/
---------------------------------------------------

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux