Quoting Richard Lynch <[EMAIL PROTECTED]>:
> If 'www' can do it in a shell, then PHP, running as 'www' can usually do do it
www is a Limux system user on both svrA and svrB.
On svrA, Apache runs as user nobody. I mean, this is the httpd user, where we
defined it in httpd.conf:
User nobody
Group nobody
My bad, I shud have use roger instead of www.
> //Do this:
> exec('ssh [EMAIL PROTECTED] /tmp/test.sh someDIR', $output, $error);
> if ($error) echo "OS Error: $error\n";
> echo implode("\n", $output);
I got this: OS Error: 255
> This will tell you what error messages, if any, you are getting.
>
> Most likely what is happening is that the 'www' user in PHP does not
> have a true shell set up -- so 'www' has no "home" dir, so ssh does
> not find the keys you stuck in ~/.ssh/ so you need to do something
> like:
>
> exec('ssh -i /home/www/.ssh [EMAIL PROTECTED] /tmp/test.sh someDIR', $output,
> $error);
In my case, user nobody (that Apache runs as in svrA), does not have a true
shell setup. How do I create a private/public key for user nobody when I can't
even login as user nobody (as it does not have a true shell) ?
What's my option ?
> Though why you have a '[EMAIL PROTECTED]' user and then have '[EMAIL
> PROTECTED]'
> running Apache/PHP is beyond my ken...
Sorry for the confusion.
> It's usually the PRIVATE key belonging to '[EMAIL PROTECTED]' that you would
> have sitting in the .ssh directory for '[EMAIL PROTECTED]' and then the PUBLIC
> half would be sitting in '[EMAIL PROTECTED]' .ssh directory.
Yes, I did that. I logged in as user www in svrA and executed ssh-keygen -t
rsa. I then copied id_rsa.pub to svrB and called it
/home/www/.ssh/authorized_keys. As noted, user www are system users in svrA and
svrB.
> I'd be real worried about the script that only 'root' can run...
>
> Set up a new user on svrB that has permission to create the
> directories you need, and that's pretty much all that user can do.
>
> Using 'root' access is just too much power.
I mean, I want to execute a command in svrB where only root can do so. Like
'shutdown' or something else.
Appreciate your advise. TIA
--
Roger
---------------------------------------------------
Sign Up for free Email at http://ureg.home.net.my/
---------------------------------------------------
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
