Re: [PHP] exec returns no output?
On Sat, September 30, 2006 9:33 am, Nick Wilson wrote: > Tha'ts exactly what i think it's doing. The -i specifies an identity > file according to the man page for scp so i would have hoped that > would > take care of it (as i cant work out how to generate an identity for > the > apache user itself) but i guess it is doing exactly as you say.. So you made *YOUR* identity file available to the Apache user?... Think this through... Are you on a shared server? If yes, anybody who can write a PHP script can masquerede as "you" and do whatever "you" can do with that "identity" -- So if you've got the private_key of that identity anywhere *other* than at [EMAIL PROTECTED], that's probably a Bad Idea. Even on a dedicated server, you want to make sure that this particular identity file is used ONLY for Apache to do this transfer, and nothing else -- You really want to document this heavily everywhere, so nobody comes along afterwards and uses that private key for something important, not realizing that you've essentially compromised it for Apache (i.e., anybody who manages to get a file onto that server) I'm not saying what you've done is Bad. I'm saying it's really easy for you to have done it Badly without realizing it, and we can't tell from what you've posted and the consequences are serious, so we're possibly gonna tell you "too much" that you already know... :-) -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] exec returns no output?
On Sat, September 30, 2006 7:22 am, Nick Wilson wrote:
> i've searched and racked my brains, checked config files and all sorts
> but cannot work out why the following command would give me an empty
> array (and certainly not actually perform the requested command...)
>
> exec('scp -v -i /id_dsa file.txt [EMAIL PROTECTED]:/target/dir/',
> $argh);
> print_r($argh);
>
> I can only surmise there is some setting todo with ssh/scp that im
> unaware of?
For starters, you should us a FULL PATH to /id_dsa because the shell
exec() uses is not a full-blown shell in your home directory.
Next, you have to realize that PHP does not run as "you" but as
"nobody" or "www" or some similarly less-enabled user, for security
reasons, on most setups.
Third, you should use the optional third argument to exec() so you can
get the OS error number of what went wrong. For bonus points, you can
install my http://l-i-e.com/perror module to get the error number
converted to a nice string, or you can fire up an ssh shell and do:
perror ## where ## is what came back in this optional third argument.
Fourth, you really should use the full path to scp, as, again, the
shell exec() is using is not a full-blown shell like you get when you
login, and PHP is not running as "you" so may not even have permission
to run scp.
Did I mention that PHP doesn't run as you, so this all boils down to a
permissions problem? :-)
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] exec returns no output?
* and then Ray Hauge declared
> On Saturday 30 September 2006 7:22 am, Nick Wilson wrote:
> > hi all,
> >
> > i've searched and racked my brains, checked config files and all sorts
> > but cannot work out why the following command would give me an empty
> > array (and certainly not actually perform the requested command...)
> >
> > exec('scp -v -i /id_dsa file.txt [EMAIL PROTECTED]:/target/dir/', $argh);
> > print_r($argh);
> >
> > I can only surmise there is some setting todo with ssh/scp that im
> > unaware of?
> >
> > any ideas welcomed, thanks!
> > --
> > Nick Wilson
> > http://performancing.com/user/1
>
> Do you use generated keys without a password for logging in? Otherwise
> exec()
> is just going to sit there while the scp command waits for a password.
Tha'ts exactly what i think it's doing. The -i specifies an identity
file according to the man page for scp so i would have hoped that would
take care of it (as i cant work out how to generate an identity for the
apache user itself) but i guess it is doing exactly as you say..
--
Nick Wilson
http://performancing.com/user/1
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] exec returns no output?
On Saturday 30 September 2006 7:22 am, Nick Wilson wrote:
> hi all,
>
> i've searched and racked my brains, checked config files and all sorts
> but cannot work out why the following command would give me an empty
> array (and certainly not actually perform the requested command...)
>
> exec('scp -v -i /id_dsa file.txt [EMAIL PROTECTED]:/target/dir/', $argh);
> print_r($argh);
>
> I can only surmise there is some setting todo with ssh/scp that im
> unaware of?
>
> any ideas welcomed, thanks!
> --
> Nick Wilson
> http://performancing.com/user/1
Do you use generated keys without a password for logging in? Otherwise exec()
is just going to sit there while the scp command waits for a password.
--
Ray Hauge
Application Development Lead
American Student Loan Services
www.americanstudentloan.com
1.800.575.1099
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] exec returns no output?
hi all,
i've searched and racked my brains, checked config files and all sorts
but cannot work out why the following command would give me an empty
array (and certainly not actually perform the requested command...)
exec('scp -v -i /id_dsa file.txt [EMAIL PROTECTED]:/target/dir/', $argh);
print_r($argh);
I can only surmise there is some setting todo with ssh/scp that im
unaware of?
any ideas welcomed, thanks!
--
Nick Wilson
http://performancing.com/user/1
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
