NYCPHP Meetup

NYPHP.org

[nycphp-talk] Can't do PHP 'exec' for an rsync command via web server

David Roth davidalanroth at gmail.com
Sun Jun 24 18:52:01 EDT 2012


On Sun, Jun 24, 2012 at 11:50 AM, Hans Zaunere <bulk at zaunere.com> wrote:

> > I'm developing a small utility web page to run on my own server which is
> > running CentOS 6.2 and Apache. PHP 5.3.3.
> >
> > I tried using from PHP the exec function and also system, but after
> checking
> > the results nothing is returned. However, when I ran a little fragment of
> > this PHP code from the command line, it worked fine. But it won't execute
> > and return anything when run from a web page.
> >
> > I have searched for an answer and have not been able to find a workable
> > solution to this. I looked and Safe Mode is off for PHP, as it is shipped
> > with CentOS. I've see forum postings about having Apache run as root, but
> > that's not secure. I was wondering if it was possible to put some
> specific
> > commands in sudoers like rsync for apache? That way maybe exec('sudo
> rsync
> > ...'); would work without promoting for a password?
> >
> > I'd greatly appreciate a solution from someone who has already been
> through
> > this. Thanks!
>
>
> Not necessarily a straightforward resolution to this, but some things
> to keep in mind:
>
> - ensure that the CLI and Apache versions of PHP are using the same
> php.ini and that they're logging to the same (or atleast some place
> that you know)
>
> - confirm that the logs don't confirm errors
>
> - use output buffering and system() to execute a command and debug
> what it returns
>
> - permissions are probably a concern which should be reflected in the
> above output
>
> Hopefully that helps a bit :)
>
> H
>

Thanks for the suggestions. The plot thickens. :-)

I decided to have system() execute a shell script to do the rsync to see
what happens. In the shell script I have 2>rsync_results to capture what is
going on. system() was returning 255:

Could not create directory '/var/www/.ssh'.
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: unexplained error (code 255) at io.c(600) [receiver=3.0.6]

I also added this to the last line of the sudoers file:
apache ALL=(ALL) NOPASSWD: ALL

Yes, I know that's not secure and it should just be for the rsync command
only, but I tried that first to see if it made any difference at all, but
it doesn't.

The rsync error output of "Could not create directory '/var/www/.ssh'." to
me at least reveals that the Apache server doesn't have root access and is
operating as user apache, not root. Is my sudoers file wrong? Keep in mind,
if I run this shell script from the command line as root, it works. If I
run the php script from the command line as root it also works.

There is no .ssh in /var/www/.ssh nor should there be. The .ssh for root is
located in /root.

It appears this has to do with permissions, but I'm not sure how to do this
properly. Thanks!

David Roth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20120624/483adce5/attachment.html>


More information about the talk mailing list