esc_toe_account
asked on
PHP execute UNIX command
I am want to use PHP to 'exec' a pgp encryption command. Regardless of the command line I get either a err 64 (parser error) or 162 (complete failure during an encode). So I have reduced the command line within the PHP program to:
exec("/opt/pgp/bin/pgp --fingerprint", $results);
If I run "/opt/pgp/bin/pgp --fingerprint" on a command line I get "2 keys found" and the expected display. But the same exec under PHP gives me the parser error 64. I have tried "\n" to the string command and that does not make a difference. The user runs as 'nobody' in the browser which does have execute permission. If pgp was not at least starting up I would not even see the 'parser error' from it.
Is there something special I need to do in order to run pgp under PHP?
exec("/opt/pgp/bin/pgp --fingerprint", $results);
If I run "/opt/pgp/bin/pgp --fingerprint" on a command line I get "2 keys found" and the expected display. But the same exec under PHP gives me the parser error 64. I have tried "\n" to the string command and that does not make a difference. The user runs as 'nobody' in the browser which does have execute permission. If pgp was not at least starting up I would not even see the 'parser error' from it.
Is there something special I need to do in order to run pgp under PHP?
ASKER
Thanks for responding.
SIngle versus double quotes do not make a difference. I have gotten --fingerprint to work and the key was setting the environment variable PGP_HOME_DIR.
SIngle versus double quotes do not make a difference. I have gotten --fingerprint to work and the key was setting the environment variable PGP_HOME_DIR.
ASKER
With that one small step forward I have returned to the original problem which is getting pgp to actrually encrypt a file running as a shell command from PHP called by a browser. The exec() command is:
/opt/pgp/bin/pgp --encrypt /export/home/eckankar/dev/ inc/test.t xt -r 'membership' --overwrite remove --home-dir /export/home/pgphome/.pgp -v --status-file /export/home/eckankar/dev/ inc/test.t xt.err
The command runs fine if I run it on the unix command line; it also runs fine if I run the php script from a command line (which in turn will shell out to exec(pgp).....); it also runs fine if a browser executes a perl script which shells out to the pgp command. However when I run it from the browser, calling PHP, I get a permission denied error shown on the last line of the status-file as follows:
pgp:encrypt (3157:current local time 2009-06-30T07:41:18-05:00)
/export/home/pgphome/.pgp/ pubring.pk r : open keyrings (1006 : public keyring)
/export/home/pgphome/.pgp/ secring.sk r : open keyrings (1007 : private keyring)
0x221DC947:encrypt (1030 : key added to recipient list)
/export/home/eckankar/dev/ inc/test.t xt:encrypt (3048 : data encrypted with cipher AES-128)
/export/home/eckankar/dev/ inc/test.t xt:encrypt (3124 : permission denied)
So the question is: what permission is being denied?
It most certainly is not test.txt, the input file. It obviously reads it and encrypts the data so that permission is fine. Further, I set its permission for the world as 'wr'. The output file, going to the same directory as the input file with a .pgp extension, should not be a problem either as that folder is set to world 'rw'. Since pgp creates the status file shown above (in the same folder) there can't be a permission issue with that folder.
The issue is almost certainly a permission associated with the user. The browser runs as 'nobody' which has almost no environment variables and very few permissions. (Note the perl script runs fine as 'nobody'!) But as a member of 'world/other' it does have 'rw' to all the folders it requires. So can anyone suggest what permission might be needed here?
/opt/pgp/bin/pgp --encrypt /export/home/eckankar/dev/
The command runs fine if I run it on the unix command line; it also runs fine if I run the php script from a command line (which in turn will shell out to exec(pgp).....); it also runs fine if a browser executes a perl script which shells out to the pgp command. However when I run it from the browser, calling PHP, I get a permission denied error shown on the last line of the status-file as follows:
pgp:encrypt (3157:current local time 2009-06-30T07:41:18-05:00)
/export/home/pgphome/.pgp/
/export/home/pgphome/.pgp/
0x221DC947:encrypt (1030 : key added to recipient list)
/export/home/eckankar/dev/
/export/home/eckankar/dev/
So the question is: what permission is being denied?
It most certainly is not test.txt, the input file. It obviously reads it and encrypts the data so that permission is fine. Further, I set its permission for the world as 'wr'. The output file, going to the same directory as the input file with a .pgp extension, should not be a problem either as that folder is set to world 'rw'. Since pgp creates the status file shown above (in the same folder) there can't be a permission issue with that folder.
The issue is almost certainly a permission associated with the user. The browser runs as 'nobody' which has almost no environment variables and very few permissions. (Note the perl script runs fine as 'nobody'!) But as a member of 'world/other' it does have 'rw' to all the folders it requires. So can anyone suggest what permission might be needed here?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Good work Michal-Drozd - that was indeed the solution..
Open in new window