Posted by Roger Thomas on 08/18/05 10:22

Quoting Richard Lynch <ceo@l-i-e.com>:

> If 'www' can do it in a shell, then PHP, running as 'www' can usually do do it

www is a Limux system user on both svrA and svrB.
On svrA, Apache runs as user nobody. I mean, this is the httpd user, where we defined it in httpd.conf:
User nobody
Group nobody

My bad, I shud have use roger instead of www.

> //Do this:
> exec('ssh www@svrB /tmp/test.sh someDIR', $output, $error);
> if ($error) echo "OS Error: $error\n";
> echo implode("\n", $output);

I got this: OS Error: 255


> This will tell you what error messages, if any, you are getting.
>
> Most likely what is happening is that the 'www' user in PHP does not
> have a true shell set up -- so 'www' has no "home" dir, so ssh does
> not find the keys you stuck in ~/.ssh/ so you need to do something
> like:
>
> exec('ssh -i /home/www/.ssh www@svrB /tmp/test.sh someDIR', $output,
> $error);

In my case, user nobody (that Apache runs as in svrA), does not have a true shell setup. How do I create a private/public key for user nobody when I can't even login as user nobody (as it does not have a true shell) ?

What's my option ?

> Though why you have a 'www@svrA' user and then have 'nobody@svrA'
> running Apache/PHP is beyond my ken...

Sorry for the confusion.

> It's usually the PRIVATE key belonging to 'www@svrA' that you would
> have sitting in the .ssh directory for 'www@svrA' and then the PUBLIC
> half would be sitting in 'www@svrB' .ssh directory.

Yes, I did that. I logged in as user www in svrA and executed ssh-keygen -t rsa. I then copied id_rsa.pub to svrB and called it /home/www/.ssh/authorized_keys. As noted, user www are system users in svrA and svrB.

> I'd be real worried about the script that only 'root' can run...
>
> Set up a new user on svrB that has permission to create the
> directories you need, and that's pretty much all that user can do.
>
> Using 'root' access is just too much power.

I mean, I want to execute a command in svrB where only root can do so. Like 'shutdown' or something else.

Appreciate your advise. TIA

--
Roger


---------------------------------------------------
Sign Up for free Email at http://ureg.home.net.my/
---------------------------------------------------

• Next in forum: Re: [PHP] PEAR and MSSQL
• Prev in forum: Re: [PHP] 'God' has spoken... :-)
• Thread view: Re: [PHP] Re: run remote shell script

[Reply to this message]