Solved

PHP execute UNIX command

Posted on 2009-06-29
5
2,177 Views
Last Modified: 2013-12-13
I am want to use PHP to 'exec' a pgp encryption command. Regardless of the command line I get either a err 64 (parser error) or 162 (complete failure during an encode). So I have reduced the command line within the PHP program to:

exec("/opt/pgp/bin/pgp --fingerprint", $results);

If I run "/opt/pgp/bin/pgp --fingerprint" on a command line I get "2 keys found" and the expected display. But the same exec under PHP gives me the parser error 64. I have tried "\n" to the string command and that does not make a difference. The user runs as 'nobody' in the browser which does have execute permission. If pgp was not at least starting up I would not even see the 'parser error' from it.

Is there something special I need to do in order to run pgp under PHP?

0
Comment
Question by:esc_toe_account
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:Michal-Drozd
ID: 24741152
try following (replace " with ') :
exec('/opt/pgp/bin/pgp --fingerprint', $results);

Open in new window

0
 

Author Comment

by:esc_toe_account
ID: 24750009
Thanks for responding.

SIngle versus double quotes do not make a difference. I have gotten --fingerprint to work and the key was setting the environment variable PGP_HOME_DIR.
0
 

Author Comment

by:esc_toe_account
ID: 24750033
With that one small step forward I have returned to the original problem which is getting pgp to actrually encrypt a file running as a shell command from PHP called by a browser. The exec() command is:

/opt/pgp/bin/pgp --encrypt /export/home/eckankar/dev/inc/test.txt -r 'membership' --overwrite remove --home-dir /export/home/pgphome/.pgp -v --status-file /export/home/eckankar/dev/inc/test.txt.err

 The command runs fine if I run it on the unix command line; it also runs fine if I run the php script from a command line (which in turn will shell out to exec(pgp).....); it also runs fine if a browser executes a perl script which shells out to the pgp command. However when I run it from the browser, calling PHP, I get a permission denied error shown on the last line of the status-file as follows:

pgp:encrypt (3157:current local time 2009-06-30T07:41:18-05:00)
/export/home/pgphome/.pgp/pubring.pkr : open keyrings (1006 : public keyring)
/export/home/pgphome/.pgp/secring.skr : open keyrings (1007 : private keyring)
0x221DC947:encrypt (1030 : key added to recipient list)
/export/home/eckankar/dev/inc/test.txt:encrypt (3048 : data encrypted with cipher AES-128)
/export/home/eckankar/dev/inc/test.txt:encrypt (3124 : permission denied)

So the question is: what permission is being denied?

It most certainly is not test.txt, the input file. It obviously reads it and encrypts the data so that permission is fine. Further, I set its permission for the world as 'wr'. The output file, going to the same directory as the input file with a .pgp extension, should not be a problem either as that folder is set to world 'rw'. Since pgp creates the status file shown above (in the same folder) there can't be a permission issue with that folder.

The issue is almost certainly a permission associated with the user. The browser runs as 'nobody' which has almost no environment variables and very few permissions. (Note the perl script runs fine as 'nobody'!) But as a member of 'world/other' it does have 'rw' to all the folders it requires. So can anyone suggest what permission might be needed here?
0
 
LVL 3

Accepted Solution

by:
Michal-Drozd earned 500 total points
ID: 24750332
Perhaps i found the solution to this. It appears apache is using a working folder where it isn't an owner or isn't part of pgp's working folder. This is usually the site's current working folder - the folder where the web page was loaded.

To get this to work always set --temp-dir to the same folder where the encryption takes place.
0
 

Author Closing Comment

by:esc_toe_account
ID: 31598575
Good work Michal-Drozd - that was indeed the solution..
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question