|
|
Posted by Curtis on 02/01/07 04:30
On Wed, 31 Jan 2007 11:25:46 -0800, Tom <biegel@gmail.com> wrote:
> I have a script which allows a user to upload a file. The script does=
> some filename editing, mimetype checking, etc., and it's then supposed=
> to send the file to a remote server, without any username/password
> prompt ( I have root access to both servers ).
>
> I'm trying to run an exec/passthru command using scp or rsync, but
> there's one fundamental question that I can't answer. When exec is
> called from the command line, e.g. `php some_script.php`, the user
> executing the php script will be whatever user is currently logged
> into the shell. Which user executes php when it's called from http?
> In order to use scp and rsync without being prompted for username/
> password on every command, you need to set the .ssh/authorized_keys on=
> the remote server to accept your login, but without a username I can't=
> do that...
>
> Here's the section that doesn't work:
>
> <?php
> $filename =3D "test.txt" ;
> $dest =3D "/home/user/htdocs/upload/" . $filename ;
> exec("scp $filename remoteuser@some.remove.server:$dest", $output) ;
> print_r($output) ;
> ?>
>
> Now when run from the shell, you can add your specific login to the
> authorized_keys to circumvent manually entering user/pass, but when
> called from http, the script hangs and fails since authorized_keys is
> not set for whatever user executes PHP.
>
> So which user executes php from http? And is there a better way to do=
> this??
>
Apache should be running as nobody, and thus, so should your scripts. =
petersprc's ideas also look helpful, if you're not sure.
-- =
Curtis, http://dyersweb.com
Navigation:
[Reply to this message]
|