Re: [PHP] Re: run remote shell script

Thu, 18 Aug 2005 00:41:24 -0700 

Quoting Richard Lynch <[EMAIL PROTECTED]>:

> If 'www' can do it in a shell, then PHP, running as 'www' can usually do do it

www is a Limux system user on both svrA and svrB.
On svrA, Apache runs as user nobody. I mean, this is the httpd user, where we 
defined it in httpd.conf:
User nobody
Group nobody

My bad, I shud have use roger instead of www.

> //Do this:
> exec('ssh [EMAIL PROTECTED] /tmp/test.sh someDIR', $output, $error);
> if ($error) echo "OS Error: $error\n";
> echo implode("\n", $output);

I got this: OS Error: 255


> This will tell you what error messages, if any, you are getting.
> 
> Most likely what is happening is that the 'www' user in PHP does not
> have a true shell set up -- so 'www' has no "home" dir, so ssh does
> not find the keys you stuck in ~/.ssh/ so you need to do something
> like:
> 
> exec('ssh -i /home/www/.ssh [EMAIL PROTECTED] /tmp/test.sh someDIR', $output,
> $error);

In my case, user nobody (that Apache runs as in svrA), does not have a true 
shell setup. How do I create a private/public key for user nobody when I can't 
even login as user nobody (as it does not have a true shell) ?

What's my option ?

> Though why you have a '[EMAIL PROTECTED]' user and then have '[EMAIL 
> PROTECTED]'
> running Apache/PHP is beyond my ken...

Sorry for the confusion.

> It's usually the PRIVATE key belonging to '[EMAIL PROTECTED]' that you would
> have sitting in the .ssh directory for '[EMAIL PROTECTED]' and then the PUBLIC
> half would be sitting in '[EMAIL PROTECTED]' .ssh directory.

Yes, I did that. I logged in as user www in svrA and executed ssh-keygen -t 
rsa. I then copied id_rsa.pub to svrB and called it 
/home/www/.ssh/authorized_keys. As noted, user www are system users in svrA and 
svrB.

> I'd be real worried about the script that only 'root' can run...
> 
> Set up a new user on svrB that has permission to create the
> directories you need, and that's pretty much all that user can do.
> 
> Using 'root' access is just too much power.

I mean, I want to execute a command in svrB where only root can do so. Like 
'shutdown' or something else.

Appreciate your advise. TIA

--
Roger


---------------------------------------------------
Sign Up for free Email at http://ureg.home.net.my/
---------------------------------------------------

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to