473,890 Members | 1,760 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

remote file transfer through http using exec

Tom
I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).

I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php `, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...

Here's the section that doesn't work:

<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename re********@some .remove.server:$dest", $output) ;
print_r($output ) ;
?>

Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.

So which user executes php from http? And is there a better way to do
this??

Jan 31 '07 #1
4 12620
You could use the -i option to use a different key file. You can
create a new key, then do something like:

scp -q -i /path/to/my-id file user@host:/path

Or setup sudo, which would be better.

You can get the current web user like so:

echo posix_getpwuid( posix_geteuid() );

On Jan 31, 2:25 pm, "Tom" <bie...@gmail.c omwrote:
I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).

I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php `, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...

Here's the section that doesn't work:

<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename remoteu...@some .remove.server: $dest", $output) ;
print_r($output ) ;
?>

Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.

So which user executes php from http? And is there a better way to do
this??

Feb 1 '07 #2
On Wed, 31 Jan 2007 11:25:46 -0800, Tom <bi****@gmail.c omwrote:
I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).

I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php `, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...

Here's the section that doesn't work:

<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename re********@some .remove.server:$dest", $output) ;
print_r($output ) ;
?>

Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.

So which user executes php from http? And is there a better way to do
this??
Apache should be running as nobody, and thus, so should your scripts.
petersprc's ideas also look helpful, if you're not sure.

--
Curtis, http://dyersweb.com
Feb 1 '07 #3
Tom
On Jan 31, 11:30 pm, Curtis <dyers...@veriz on.netwrote:
On Wed, 31 Jan 2007 11:25:46 -0800, Tom <bie...@gmail.c omwrote:
I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).
I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php `, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...
Here's the section that doesn't work:
<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename remoteu...@some .remove.server: $dest", $output) ;
print_r($output ) ;
?>
Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.
So which user executes php from http? And is there a better way to do
this??

Apache should be running as nobody, and thus, so should your scripts.
petersprc's ideas also look helpful, if you're not sure.

--
Curtis,http://dyersweb.com
Thanks for the help. I don't believe you can make an id_rsa.pub file
with user `nobody', although it would be interesting to see if you can
manually edit those rsa keys :-)

After all my searching I've found that the PECL extension libssh2 is
really what I'm looking for here:
http://us2.php.net/manual/en/ref.ssh2.php

Feb 1 '07 #4
On Wed, 31 Jan 2007 22:52:49 -0800, Tom <bi****@gmail.c omwrote:
On Jan 31, 11:30 pm, Curtis <dyers...@veriz on.netwrote:
>On Wed, 31 Jan 2007 11:25:46 -0800, Tom <bie...@gmail.c omwrote:
I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).
I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php `, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...
Here's the section that doesn't work:
<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename remoteu...@some .remove.server: $dest", $output) ;
print_r($output ) ;
?>
Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.
So which user executes php from http? And is there a better way todo
this??

Apache should be running as nobody, and thus, so should your scripts.
petersprc's ideas also look helpful, if you're not sure.

--
Curtis,http://dyersweb.com

Thanks for the help. I don't believe you can make an id_rsa.pub file
with user `nobody', although it would be interesting to see if you can
manually edit those rsa keys :-)

After all my searching I've found that the PECL extension libssh2 is
really what I'm looking for here:
http://us2.php.net/manual/en/ref.ssh2.php
Glad to hear you've found what you were looking for. Good luck!

--
Curtis, http://dyersweb.com
Feb 3 '07 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
4741
by: Alexander Gilman Carver | last post by:
I have written a pair of scripts that are supposed to work together to display an index of files and then, upon the user choosing the files (with checkboxes on an HTML form submitted to itself), tar/gzip the file and send it to them. To this end the first script performs an exec() call and generates the archive (it's a random number but we'll call it foo.bar.tar.gz) and then writes a META tag into the page after it submits the HTML form...
0
1415
by: Kolar | last post by:
1.. EXEC sp_addlinkedserver ServerName1, N'SQL Server' EXEC sp_addlinkedserver ServerName2 EXEC sp_configure 'remote access', 1 RECONFIGURE GO 2.. Stop and restart the first SQL Server. 3.. 4.. Run the following code on the second SQL Server. Make sure you are logging in using SQL Server Authentication. 5.. -- The example shows how to set up access for a login 'sa'
0
3300
by: bettervssremoting | last post by:
To view the full article, please visit http://www.BetterVssRemoting.com Better VSS Remote Access Tool including SourceOffSite, SourceAnyWhere and VSS Remoting This article makes a detailed comparison among SourceAnyWhere, SourceOffSite, VSS Remoting and possible others.
4
2451
by: TWEB | last post by:
I think I may have an IIS / ASP.Net Configuration issue that I need some guidance with resolving. Here's the problem: a) I have a .stm file. b) I referenc a .aspx file on this .stm file using a server-side-include directive: <!-- include virtual="../../foobar.aspx"--> c)When the .stm file is rendered: The .aspx file is included, but it doesn't look like the ASP.NET engine is processing the page, because I see the raw
8
2785
by: robert | last post by:
Hello, I want to put (incrementally) changed/new files from a big file tree "directly,compressed and password-only-encrypted" to a remote backup server incrementally via FTP,SFTP or DAV.... At best within a closed algorithm inside Python without extra shell tools. (The method should work with any protocol which allows somehow read, write & seek to a remote file.) On the server and the transmission line there should never be...
1
1437
by: Prarthana Choudhary | last post by:
Hi, I have to search some tablename in all of existing SPs. I want to have content of all SPs in a particular text file . Plz tell me...how can I transfer the result of all executed statements to a particular specified file.... as i am using sql client and using................. exec sp_helptext <SP name1>
0
1757
by: boomertoo55 | last post by:
Trying to exec DTS task involving load of MS Access table to SQL Server 2000 table using Data Pump task via remote exec of xp_cmdshell command of dtsrun. That is, on client, connect to database server and exec user stored procedure containing command EXEC xp_cmdshell @cmd where @cmd has been set to 'dtsrun /S /E /N DTS Package Name. Fails with: DTSRun OnError: DTSStep_DTSDataPumpTask_1, Error = -2147467259 (80004005) Error string: ...
3
9745
by: axelman | last post by:
Hi guys, I'm using Classic ASP, IIS6, IE 7, FF 3 I've developed a vb script to downloand files hosted in my server (zip, doc, pdf, jpg, xls, et. etc.) it's very straight forward and there's a lot of information around the web, however when it comes to dowload files from a remote server (NOT hosted in my server) there is no information :-(, the idea is to have an Access DB that stores the full url...
4
2962
by: empiresolutions | last post by:
I'm trying to call a PHP page to run when called from another page. To do this it seems i have to use the exec() function. The code would go something like // set pathing $file = 'TEXT_small.m4v'; $localfile = '/user/dac420/incoming/'.$file; $remotefolder = '/user/dac420/outgoing/'; // exec the file and pass vars. transfer.php for this example just echo's Hi to the motherboard. exec('php transfer.php '.$localfile.' '.$remotefolder.' >...
0
11212
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
10899
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9614
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
8004
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
7154
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5832
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
6032
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
4255
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
3263
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.