shell_exec() problem

snork
Forum Newbie
Posts: 1
Joined: Mon Aug 03, 2009 3:01 am

shell_exec() problem

Post by snork »

I've spent all day on trying to solve this problem. It seems like it's a common situation, but I can't find any answers to it.

I have a webserver running on server A. I want to have a php script that can run a bash (shell) script on server B. Both run Linux. No webserver on server B.

I've tried using all the php functions related to executing shell scripts but none work.

The basic php command is this:

$toexec="ssh -p 2272 -i /home/snork/.ssh/id_dsa snork@192.168.1.101 'touch me'";
$exec=exec($toexec);

The format of the command isn't important because the error message I get from the remote server B is 'Failed password for user snork'.

If I run it from the command line, either as a shell script or as a php program (i.e. php -q test.php), it works properly. If I run it via a web browser, I get the 'Failed password' message.

I've also tried putting in the script things like:

exec('whoami') which prints out 'nobody'
$current_user prints out 'snork'
exec('env') prints out that 'USER=root' and HOME=/home/snork

These results are from running in a browser. Command line runs yield correct information.

Keys are in ~/.ssh and are RW for snork. Keys are good.

I've tried setting HOME=/home/snork before the command. Same results.

Verified with 'ps' that Apache is running as 'nobody'. I've tried various options, arguments, etc. and no matter what I try, it always works from the command line or running it through php from the command line. It never works when accessing it through a web browser.

From what I have gathered, it looks like the php/apache script is being run as user 'nobody' and user 'nobody' doesn't have a password or id_dsa keys.

What I don't understand is what is happening when that is run via a browser and how to tell it to use my (snork) private keys in ~/.ssh. If user 'nobody' is running the php script, can't I still log in to the remote server over ssh using my (snork) username and pw?

Does anyone have any ideas that I could try in order to troubleshoot this? Does anyone have any ideas on how to accomplish this beside using the php exec, shell_exec, system functions?

I do not want to run a webserver on server B for security reasons.

Thanks
dejvos
Forum Contributor
Posts: 122
Joined: Tue Mar 10, 2009 8:40 am

Re: shell_exec() problem

Post by dejvos »

I think that the user is the problem. You should check php.ini too. Some restriction for executing shell commands should be there - I'm not sure right now.

Are you sure that the whole path to the .ssh is accessible for user nobody (or www-run ... or whatever)?
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: shell_exec() problem

Post by Eran »

What user are you logged into the shell as? If you are logged in as root, you have different permissions than the apache process that actually runs the script from the browser. You need to run the bash script with sudo (and add the proper permissions).
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: shell_exec() problem

Post by VladSun »

pytrin++

Or you may copy the identity key into another directory, change its owner to nobody and use it.

man ssh

~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa
    Contains the authentication identity of the user. They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). Note that ssh ignores a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key; the passphrase will be used to encrypt the sensitive part of this file using 3DES.
There are 10 types of people in this world, those who understand binary and those who don't
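
A diagnostic for the situation discussed in this thread, added here as an example and not code from any of the posters: it reports which account the web request really runs as, checks a key file against the man page rule quoted above, and captures ssh's stderr and exit code rather than only the last line of output. The key and known_hosts paths are hypothetical; the host, port and remote command are the ones from the original post.

```php
<?php
// Added example. $keyPath and $knownHosts are hypothetical paths for a key
// pair and host-key file dedicated to the web server account.

/** List reasons the current process could not use $keyPath with ssh. */
function checkKey(string $keyPath): array
{
    $uid  = posix_geteuid();                 // account the request really runs as
    $user = posix_getpwuid($uid)['name'] ?? (string) $uid;
    $problems = [];
    clearstatcache();
    if (!file_exists($keyPath)) {
        $problems[] = "$user cannot see $keyPath (missing, or a parent directory is closed)";
    } else {
        if (!is_readable($keyPath)) {
            $problems[] = "$user cannot read $keyPath";
        }
        if (fileowner($keyPath) !== $uid) {
            $problems[] = "key is not owned by $user";
        }
        if ((fileperms($keyPath) & 0077) !== 0) {
            $problems[] = 'key is accessible by group/others (see the man page text above)';
        }
    }
    return ['user' => $user, 'problems' => $problems];
}

/** Run one remote command without prompting; return exit code and all output. */
function runRemote(string $keyPath, string $knownHosts, string $target, int $port, string $remoteCmd): array
{
    $cmd = sprintf(
        'ssh -o BatchMode=yes -o UserKnownHostsFile=%s -p %d -i %s %s %s 2>&1',
        escapeshellarg($knownHosts), $port, escapeshellarg($keyPath),
        escapeshellarg($target), escapeshellarg($remoteCmd)
    );
    exec($cmd, $output, $exitCode);          // $output gets every line, stderr included
    return ['exit' => $exitCode, 'output' => $output];
}

$key    = '/etc/webapp-ssh/id_key';          // hypothetical
$hosts  = '/etc/webapp-ssh/known_hosts';     // hypothetical
$report = checkKey($key);
echo "Running as: {$report['user']}\n";
foreach ($report['problems'] as $p) {
    echo "PROBLEM: $p\n";
}
if (!$report['problems']) {
    $r = runRemote($key, $hosts, 'snork@192.168.1.101', 2272, 'touch me');
    echo "ssh exit code {$r['exit']}\n", implode("\n", $r['output']), "\n";
}
```

A key handed to the web server account is exposed to every script that account runs, so on server B its public half can be limited to a single command with the `command="..."` option in authorized_keys.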