shell_exec() problem

Posted: Mon Aug 03, 2009 3:45 am
by snork
I've spent all day on trying to solve this problem. It seems like it's a common situation, but I can't find any answers to it.

I have a webserver running on server A. I want to have a php script that can run a bash (shell) script on server B. Both run Linux. No webserver on server B.

I've tried using all the php functions related to executing shell scripts but none work.

The basic php command is this:

$toexec="ssh -p 2272 -i /home/snork/.ssh/id_dsa snork@192.168.1.101 'touch me'";
$exec=exec($toexec);

The format of the command isn't important because the error message I get from the remote server B, is 'Failed password for user snork'.

If I run it from the command line, either as a shell script or as a php program (i.e. php -q test.php), it works properly. If I run it via a web browser, I get the 'Failed password' message.

I've also tried putting in the script things like:

exec('whoami') which prints out 'nobody'
$current_user prints out 'snork'
exec('env') prints out that 'USER=root' and HOME=/home/snork

The results are when running in a browser. Command line runs yield correct information.

Keys are in ~/.ssh and are RW for snork. Keys are good.

I've tried setting HOME=/home/snork before the command. Same results.

Verified with 'ps' that Apache is running as 'nobody'. I've tried various options, arguments, etc. and no matter what I try, it always works from the command line or running it through php from the command line. It never works when accessing it through a web browser.

From what I have gathered, it looks like the php/apache script is being run as user 'nobody' and user 'nobody' doesn't have a password or id_dsa keys.

What I don't understand is what is happening when that is run via a browser and how to tell it to use my (snork) private keys in ~/.ssh. If user 'nobody' is running the php script, can't I still login to the remote server over ssh using my (snork) username and pw?

Does anyone have any ideas that I could try in order to troubleshoot this? Does anyone have any ideas on how to accomplish this besides using the php exec, shell_exec, system functions?

I do not want to run a webserver on server B for security reasons.

Thanks

Re: shell_exec() problem

Posted: Mon Aug 03, 2009 4:36 am
by dejvos
I think that the user is the problem. You should check php.ini too. Some restriction for executing shell commands should be there - I'm not sure right now.

Are you sure that the whole path to the .ssh is accessible for user nobody (or www-run ... or whatever)?

Re: shell_exec() problem

Posted: Mon Aug 03, 2009 6:10 am
by Eran
What user are you logged into the shell as? If you are logged in as root, you have different permissions than the apache process that actually runs the script from the browser. You need to run the bash script with sudo (and add the proper permissions).

Re: shell_exec() problem

Posted: Mon Aug 03, 2009 8:27 am
by VladSun
pytrin++

Or you may copy the identity key into another directory, change its owner to nobody and use it.

man ssh
~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa
Contains the authentication identity of the user. They are for
protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
These files contain sensitive data and should be readable by the
user but not accessible by others (read/write/execute). Note
that ssh ignores a private key file if it is accessible by others.
It is possible to specify a passphrase when generating the
key; the passphrase will be used to encrypt the sensitive part of
this file using 3DES.
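
Added example, not part of the original thread: a POSIX shell check that reports, for whichever account runs it, why an SSH private key cannot be used (untraversable parent directory, unreadable file, or group/other permission bits set as in the man page note above). The function name `check_key`, the script file name and the status words are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Run as the account PHP runs under,
# e.g.: sudo -u nobody sh check_key.sh /path/to/key   (file name is hypothetical)
# Prints one status word: ok | missing | no-traverse:<dir> | unreadable | too-open

check_key() {
    key=$1
    dir=$(dirname "$key")

    # 1. Every directory above the key needs search (x) permission for this user.
    while :; do
        if [ ! -x "$dir" ]; then
            echo "no-traverse:$dir"
            return 2
        fi
        case $dir in /|.) break ;; esac
        dir=$(dirname "$dir")
    done

    # 2. The key must exist and be readable by this user.
    if [ ! -e "$key" ]; then echo "missing"; return 1; fi
    if [ ! -r "$key" ]; then echo "unreadable"; return 3; fi

    # 3. Group/other permission bits must all be clear (the man page note
    #    quoted above). Characters 5-10 of the ls mode string are those bits.
    perms=$(ls -ld -- "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "too-open"
        return 4
    fi

    echo "ok"
}

# Stand-alone use: check the key given as the first argument.
if [ "$#" -gt 0 ]; then
    check_key "$1"
fi
```

Running it once from the login shell and once as the web server account shows the difference between the two environments described in the first post.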