Daizzy-Mae
asked on
How to make a GnuPG keyring for PHP user
I can use GnuPG to encrypt a file using a PuTTY command line.
However, it won't encrypt from my PHP website (using this line):
system("/usr/bin/gpg --encrypt -ao $crypted -r 'Rhiannon <rhiannon@viva.org.uk>' $plainTxt");
This is probably because php is running as a different user.
I need to create a keyring for the user who owns the php process and fetch the necessary keys to encrypt the data.
Can anybody guide me through this or point me in the direction of good documentation?
I am using Linux command line on shared hosting.
PHP should be running by the same user as the www process. Can you ps and see who owns httpd or apache process?
This is probably because php is running as a different user.
Use command su:
# su - <php-user>
and do in shell all you need under its UID.
Sorry for damned text formatting.
> This is probably because php is running as a different user.
Use command su:
# su - <php-user>
and do in shell all you need under its UID.
It seems that user apache has no shell:
# grep apache /etc/passwd
apache:x:81:81:added by portage for apache:/var/www:/sbin/nologin
OK, there is another way to configure gpg - if everything works under root, do the following:
# cp -rav /root/.gnupg /var/www
# chown -R apache.apache /var/www/.gnupg
Here /var/www is the $HOME for user apache according to /etc/passwd
ASKER
uayneb:
Thank you - what is ps and how do I do it?
ASKER
Hi tty2
How do I find out what $HOME is for user apache?
ASKER
Thank you.
WEBSITE:
Here are the users from the php readout:
<?php
echo system("id");
?>
uid=186655(timetogoveggie.com) gid=100(users) groups=65533(nobody),65534(nogroup) uid=186655(timetogoveggie.com) gid=100(users) groups=65533(nobody),65534(nogroup)
COMMAND LINE:
When I do whoami using PuTTY I get this:
timetogoveggie.com
GnuPG:
I am trying to use keys I created for Rhiannon <rhiannon@viva.org.uk>
# grep apache /etc/passwd
Fields in /etc/passwd are separated with ":". The second field from the end is the homedir. The last field is the shell.
ASKER
tty2:
Thank you.
At the risk of sounding like an utter fool, is this what I need to type into the PuTTY command line?
# grep apache /services:webpages:t:i/timetogoveggie.com
It doesn't seem to do anything you see. It is the root directory of our website.
ASKER
tty2
I did this:
<?php
echo($HOME);
?>
and got /root
so should I type this?
# cp -rav /services/webpages/t/i/timetogoveggie.com/.gnupg /root
# chown -R apache.apache /services/webpages/t/i/timetogoveggie.com/.gnupg
I've typed it into the PuTTY command line and hit return and it just moves to the next line without giving any information or an error.
Don't type "#". It's the prompt sign.
And wait with this directory copying.
Does the directory /services/webpages/t/i/timetogoveggie.com/.gnupg exist? Please show me the result of these two commands:
ls -la /services/webpages/t/i/timetogoveggie.com/.gnupg
ls -la $HOME/.gnupg
I doubt that "/root" for php is the same as "/root" in the shell.
There is one more way to solve your problem. gpg has a parameter "--homedir" which defaults to $HOME/.gnupg. All you need to do is place gpg's config file in a directory accessible to php, and specify it as a parameter for gpg
system("/usr/bin/gpg --homedir /some/dir/with/gpg/files ...
ASKER
Thank you tty2, here are the results:
-------------------------------------------------------------------------------
ls -la /services/webpages/t/i/timetogoveggie.com/.gnupg
ls: /services/webpages/t/i/timetogoveggie.com/.gnupg: No such file or directory
-------------------------------------------------------------------------------
ls -la $HOME/.gnupg
[timetogoveggie.com@shell1c40 /]$ ls -la $HOME/.gnupg
total 36
drwxrwxrwx 2 timetogo web 4096 Mar 24 12:59 .
drwx--S--- 16 timetogo web 4096 Mar 24 14:58 ..
-rw------- 1 timetogo web 8171 Mar 23 06:08 gpg.conf
-rw-r--r-- 1 timetogo web 4071 Mar 23 06:32 pubring.gpg
-rw-r--r-- 1 timetogo web 3174 Mar 23 06:08 pubring.gpg~
-rw-r--r-- 1 timetogo web 600 Mar 24 12:59 random_seed
-rw-r--r-- 1 timetogo web 2070 Mar 23 06:32 secring.gpg
-rw-r--r-- 1 timetogo web 1280 Mar 23 06:42 trustdb.gpg
I have checked phpinfo.php on some server, parameter "include_path". There is a directory /usr/share/php/ mentioned. (please check, if you have this directory, too) So, let's copy .gnupg/ to this directory (or you can change it to what you have in "include_path")
cp -rav $HOME/.gnupg /usr/share/php
change owner of this directory to "apache" (check parameter "User/Group" in section "apache2handler")
chown -R apache /usr/share/php/.gnupg
... and try to run gpg with parameter "--homedir"
system("/usr/bin/gpg --homedir /usr/share/php/.gnupg ...
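Added example, not part of the original thread: a POSIX shell check for a directory that will be handed to gpg via --homedir, as in the steps above. It flags the two conditions visible in the ls -la listing earlier in the thread (a keyring directory open to group/other, and secring.gpg sitting beside the public keyring); the function names and whatever path you pass are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a directory used as gpg --homedir.
# audit_gpg_homedir and go_bits are hypothetical helper names.
# Prints one finding per line. Returns 0 if clean, 1 if findings, 2 if no dir.

# Group/other permission bits of a path, taken from the ls mode string
# (characters 5-10). 'S'/'T' mean setgid/sticky without execute, so they
# are folded to '-' to avoid a false positive on e.g. drwx--S---.
go_bits() {
    ls -ld "$1" | cut -c5-10 | sed 's/[ST]/-/g'
}

audit_gpg_homedir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    bits=$(go_bits "$dir")
    if [ "$bits" != "------" ]; then
        echo "PERMS $dir group/other=$bits (want drwx------)"
        rc=1
    fi
    # Encrypting to a recipient needs only the public keyring. secring.gpg
    # (GnuPG 1.x/2.0) and private-keys-v1.d (GnuPG 2.1+) hold secret keys.
    for name in secring.gpg private-keys-v1.d; do
        if [ -e "$dir/$name" ]; then
            echo "SECRET $dir/$name"
            rc=1
        fi
    done
    # Any regular file (dotfiles included) open to group/other.
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        bits=$(go_bits "$f")
        if [ "$bits" != "------" ]; then
            echo "PERMS $f group/other=$bits (want -rw-------)"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh audit.sh /path/to/homedir
if [ "$#" -gt 0 ]; then audit_gpg_homedir "$1"; fi
```

A clean result means the directory is owner-only and holds no secret-key material, which is all that `gpg --encrypt -r ...` needs from the web process.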
ASKER
Hi tty2
My value for include_path is just "."
(https://secure40.securewebsession.com/timetogoveggie.com/vvfshop/phpinfo.php)
So I should:
1. Copy the folder ".gnupg" (which contains gpg.conf) from the root of my website into a new folder called "gnupg-files".
2. Then go to PuTTY command line and type:
cp -rav $HOME/.gnupg .
3. Then in PuTTY type:
chown -R apache ./gnupg-files/.gnupg
4. Then in PuTTY type:
system("usr/bin/gpg --homedir ./gnupg-files/.gnupg --encrypt -ao $crypted -r 'Rhiannon <rhiannon@viva.org.uk>' $plainTxt")
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thank you so much for your help and patience.
I understand what you have said now.
Unfortunately I have read only permission on the /usr/local/php/ folder as I am on shared hosting.
I am on bash so the chown command will not work (I am currently Googling for an alternative!).
Thank you again!
ASKER
Thank you for your very in-depth knowledge and patience.