Posted by Tom on 01/31/07 19:25

I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).

I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php`, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...

Here's the section that doesn't work:

<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename remoteuser@some.remove.server:$dest", $output) ;
print_r($output) ;
?>

Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.

So which user executes php from http? And is there a better way to do
this??

[Back to original message]