remote file transfer through http using exec

**petersprc** · Feb 1 '07, 02:45 AM

Re: remote file transfer through http using exec

You could use the -i option to use a different key file. You can
create a new key, then do something like:

scp -q -i /path/to/my-id file user@host:/path

Or setup sudo, which would be better.

You can get the current web user like so:

echo posix_getpwuid( posix_geteuid() );

On Jan 31, 2:25 pm, "Tom" <bie...@gmail.c omwrote:

I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).
>
I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php `, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...
>
Here's the section that doesn't work:
>
<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename remoteu...@some .remove.server: $dest", $output) ;
print_r($output ) ;
?>
>
Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.
>
So which user executes php from http? And is there a better way to do
this??

**Curtis** · Feb 1 '07, 04:45 AM

Re: remote file transfer through http using exec

On Wed, 31 Jan 2007 11:25:46 -0800, Tom <biegel@gmail.c omwrote:

I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).
>
I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php `, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...
>
Here's the section that doesn't work:
>
<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename remoteuser@some .remove.server:$dest", $output) ;
print_r($output ) ;
?>
>
Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.
>
So which user executes php from http? And is there a better way to do
this??
>

Apache should be running as nobody, and thus, so should your scripts.
petersprc's ideas also look helpful, if you're not sure.

--
Curtis, http://dyersweb.com

**Tom** · Feb 1 '07, 07:05 AM

Re: remote file transfer through http using exec

On Jan 31, 11:30 pm, Curtis <dyers...@veriz on.netwrote:

On Wed, 31 Jan 2007 11:25:46 -0800, Tom <bie...@gmail.c omwrote:

I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).

>

I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php `, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...

>

Here's the section that doesn't work:

>

<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename remoteu...@some .remove.server: $dest", $output) ;
print_r($output ) ;
?>

>

Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.

>

So which user executes php from http? And is there a better way to do
this??

>
Apache should be running as nobody, and thus, so should your scripts.
petersprc's ideas also look helpful, if you're not sure.
>
--
Curtis,http://dyersweb.com

Thanks for the help. I don't believe you can make an id_rsa.pub file
with user `nobody', although it would be interesting to see if you can
manually edit those rsa keys :-)

After all my searching I've found that the PECL extension libssh2 is
really what I'm looking for here:

PHP: SSH2 Functions - Manual

http://us2.php.net/manual/en/ref.ssh2.php

SSH2 Functions

**Curtis** · Feb 3 '07, 02:05 PM

Re: remote file transfer through http using exec

On Wed, 31 Jan 2007 22:52:49 -0800, Tom <biegel@gmail.c omwrote:

On Jan 31, 11:30 pm, Curtis <dyers...@veriz on.netwrote:

>On Wed, 31 Jan 2007 11:25:46 -0800, Tom <bie...@gmail.c omwrote:

I have a script which allows a user to upload a file. The script does
some filename editing, mimetype checking, etc., and it's then supposed
to send the file to a remote server, without any username/password
prompt ( I have root access to both servers ).

>>

I'm trying to run an exec/passthru command using scp or rsync, but
there's one fundamental question that I can't answer. When exec is
called from the command line, e.g. `php some_script.php `, the user
executing the php script will be whatever user is currently logged
into the shell. Which user executes php when it's called from http?
In order to use scp and rsync without being prompted for username/
password on every command, you need to set the .ssh/authorized_keys on
the remote server to accept your login, but without a username I can't
do that...

>>

Here's the section that doesn't work:

>>

<?php
$filename = "test.txt" ;
$dest = "/home/user/htdocs/upload/" . $filename ;
exec("scp $filename remoteu...@some .remove.server: $dest", $output) ;
print_r($output ) ;
?>

>>

Now when run from the shell, you can add your specific login to the
authorized_keys to circumvent manually entering user/pass, but when
called from http, the script hangs and fails since authorized_keys is
not set for whatever user executes PHP.

>>

So which user executes php from http? And is there a better way todo
this??

>>
>Apache should be running as nobody, and thus, so should your scripts.
>petersprc's ideas also look helpful, if you're not sure.
>>
>--
>Curtis,http://dyersweb.com

>
Thanks for the help. I don't believe you can make an id_rsa.pub file
with user `nobody', although it would be interesting to see if you can
manually edit those rsa keys :-)
>
After all my searching I've found that the PECL extension libssh2 is
really what I'm looking for here:

PHP: SSH2 Functions - Manual

http://us2.php.net/manual/en/ref.ssh2.php

SSH2 Functions

>

Glad to hear you've found what you were looking for. Good luck!

--
Curtis, http://dyersweb.com

remote file transfer through http using exec

remote file transfer through http using exec

Comment

Comment

Comment

Comment