By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,051 Members | 1,258 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,051 IT Pros & Developers. It's quick & easy.

remote file transfer through http using exec

P: n/a
Tom
I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).

I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php`, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...

Here's the section that doesn't work:

<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename re********@some.remove.server:$dest", $output) ;
print_r($output) ;
?>

Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.

So which user executes php from http? And is there a better way to do
this??

Jan 31 '07 #1
Share this Question
Share on Google+
4 Replies


P: n/a
You could use the -i option to use a different key file. You can
create a new key, then do something like:

scp -q -i /path/to/my-id file user@host:/path

Or setup sudo, which would be better.

You can get the current web user like so:

echo posix_getpwuid(posix_geteuid());

On Jan 31, 2:25 pm, "Tom" <bie...@gmail.comwrote:
I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).

I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php`, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...

Here's the section that doesn't work:

<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename remoteu...@some.remove.server:$dest", $output) ;
print_r($output) ;
?>

Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.

So which user executes php from http? And is there a better way to do
this??

Feb 1 '07 #2

P: n/a
On Wed, 31 Jan 2007 11:25:46 -0800, Tom <bi****@gmail.comwrote:
I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).

I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php`, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...

Here's the section that doesn't work:

<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename re********@some.remove.server:$dest", $output) ;
print_r($output) ;
?>

Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.

So which user executes php from http? And is there a better way to do
this??
Apache should be running as nobody, and thus, so should your scripts.
petersprc's ideas also look helpful, if you're not sure.

--
Curtis, http://dyersweb.com
Feb 1 '07 #3

P: n/a
Tom
On Jan 31, 11:30 pm, Curtis <dyers...@verizon.netwrote:
On Wed, 31 Jan 2007 11:25:46 -0800, Tom <bie...@gmail.comwrote:
I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).
I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php`, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...
Here's the section that doesn't work:
<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename remoteu...@some.remove.server:$dest", $output) ;
print_r($output) ;
?>
Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.
So which user executes php from http? And is there a better way to do
this??

Apache should be running as nobody, and thus, so should your scripts.
petersprc's ideas also look helpful, if you're not sure.

--
Curtis,http://dyersweb.com
Thanks for the help. I don't believe you can make an id_rsa.pub file
with user `nobody', although it would be interesting to see if you can
manually edit those rsa keys :-)

After all my searching I've found that the PECL extension libssh2 is
really what I'm looking for here:
http://us2.php.net/manual/en/ref.ssh2.php

Feb 1 '07 #4

P: n/a
On Wed, 31 Jan 2007 22:52:49 -0800, Tom <bi****@gmail.comwrote:
On Jan 31, 11:30 pm, Curtis <dyers...@verizon.netwrote:
>On Wed, 31 Jan 2007 11:25:46 -0800, Tom <bie...@gmail.comwrote:
I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).
I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php`, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keyson
the remote server to accept your login, but without a username I can't
do that...
Here's the section that doesn't work:
<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename remoteu...@some.remove.server:$dest", $output) ;
print_r($output) ;
?>
Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.
So which user executes php from http? And is there a better way todo
this??

Apache should be running as nobody, and thus, so should your scripts.
petersprc's ideas also look helpful, if you're not sure.

--
Curtis,http://dyersweb.com

Thanks for the help. I don't believe you can make an id_rsa.pub file
with user `nobody', although it would be interesting to see if you can
manually edit those rsa keys :-)

After all my searching I've found that the PECL extension libssh2 is
really what I'm looking for here:
http://us2.php.net/manual/en/ref.ssh2.php
Glad to hear you've found what you were looking for. Good luck!

--
Curtis, http://dyersweb.com
Feb 3 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.