How to make a GnuPG keyring for PHP user

I can use GnuPG to encrypt a file using a PuTTY command line.
However, it won't encrypt from my PHP website (using this line):

system("/usr/bin/gpg --encrypt -ao $crypted -r 'Rhiannon <rhiannon@viva.org.uk>' $plainTxt");

This is probably because php is running as a different user.

I need to create a keyring for the user who owns the php process and fetch the necessary keys to encrypt the data.

Can anybody guide me through this or point me in the direction of good documentation?

I am using Linux command line on shared hosting.
Daizzy-MaeAsked:

uaynebCommented:
PHP should be running by the same user as the www process.  Can you ps and see who owns httpd or apache process?  
0
tty2Commented:
This is probably because php is running as a different user.
Use command su:

# su - <php-user>

and do in shell all you need under its UID.
0
tty2Commented:
Sorry for damned text formatting.

> This is probably because php is running as a different user.
Use command su:

# su - <php-user>

and do in shell all you need under its UID.
0
tty2Commented:
It seems that user apache has no shell:

# grep apache /etc/passwd
apache:x:81:81:added by portage for apache:/var/www:/sbin/nologin

OK, there is another way to configure gpg - if everything works under root, do the following:

# cp -rav /root/.gnupg /var/www
# chown -R apache.apache /var/www/.gnupg

Here /var/www is the $HOME for user apache according to /etc/passwd
0
Daizzy-MaeAuthor Commented:
uayneb:

Thank you - what is ps and how do I do it?
0
Daizzy-MaeAuthor Commented:
Hi tty2

How do I find out what $HOME is for user apache?

0
Daizzy-MaeAuthor Commented:
Thank you.

WEBSITE:
Here are the users from the php readout:
<?php
echo system("id");
?>
uid=186655(timetogoveggie.com) gid=100(users) groups=65533(nobody),65534(nogroup) uid=186655(timetogoveggie.com) gid=100(users) groups=65533(nobody),65534(nogroup)

COMMAND LINE:
When I do whoami using PuTTY I get this:
timetogoveggie.com

GnuPG:
I am trying to use keys I created for Rhiannon <rhiannon@viva.org.uk>
0
tty2Commented:
# grep apache /etc/passwd

Fields in /etc/passwd are separated with ":". The second field from the end is the homedir. The last field is the shell.
0
Daizzy-MaeAuthor Commented:
tty2:

Thank you.

At the risk of sounding like an utter fool, is this what I need to type into the PuTTY command line?

# grep apache /services:webpages:t:i/timetogoveggie.com

It doesn't seem to do anything, you see. It is the root directory of our website.
0
Daizzy-MaeAuthor Commented:
tty2

I did this:

<?php
echo($HOME);
?>

and got /root

so should I type this?

# cp -rav /services/webpages/t/i/timetogoveggie.com/.gnupg /root
# chown -R apache.apache /services/webpages/t/i/timetogoveggie.com/.gnupg

I've typed it into the PuTTY command line and hit return and it just moves to the next line without giving any information or an error.
0
tty2Commented:
Don't type "#". It's the prompt sign.
And wait with this directory copying.
Does the directory /services/webpages/t/i/timetogoveggie.com/.gnupg exist? Please show me the result of these two commands:

ls -la /services/webpages/t/i/timetogoveggie.com/.gnupg
ls -la $HOME/.gnupg
0
tty2Commented:
I doubt that "/root" for php is the same as "/root" in the shell.
There is one more way to solve your problem. gpg has a parameter "--homedir" which defaults to $HOME/.gnupg. All you need is to place gpg's config files in a directory accessible to php, and specify it as a parameter for gpg

system("/usr/bin/gpg --homedir /some/dir/with/gpg/files ...
0
Daizzy-MaeAuthor Commented:
Thank you tty2, here are the results:

---------------------------------------------------------------------
ls -la /services/webpages/t/i/timetogoveggie.com/.gnupg
ls: /services/webpages/t/i/timetogoveggie.com/.gnupg: No such file or directory

---------------------------------------------------------------------
ls -la $HOME/.gnupg
[timetogoveggie.com@shell1c40 /]$ ls -la $HOME/.gnupg
total 36
drwxrwxrwx    2 timetogo web          4096 Mar 24 12:59 .
drwx--S---   16 timetogo web          4096 Mar 24 14:58 ..
-rw-------    1 timetogo web          8171 Mar 23 06:08 gpg.conf
-rw-r--r--    1 timetogo web          4071 Mar 23 06:32 pubring.gpg
-rw-r--r--    1 timetogo web          3174 Mar 23 06:08 pubring.gpg~
-rw-r--r--    1 timetogo web           600 Mar 24 12:59 random_seed
-rw-r--r--    1 timetogo web          2070 Mar 23 06:32 secring.gpg
-rw-r--r--    1 timetogo web          1280 Mar 23 06:42 trustdb.gpg
0
tty2Commented:
I have checked phpinfo.php on some server, parameter "include_path". There is a directory /usr/share/php/ mentioned. (please check, if you have this directory, too) So, let's copy .gnupg/ to this directory (or you can change it to what you have in "include_path")

cp -rav $HOME/.gnupg /usr/share/php

change owner of this directory to "apache" (check parameter "User/Group" in section "apache2handler")

chown -R apache /usr/share/php/.gnupg

... and try to run gpg with parameter "--homedir"

system("/usr/bin/gpg --homedir /usr/share/php/.gnupg ...
0
Daizzy-MaeAuthor Commented:
Hi tty2

My value for include_path is just "."
(https://secure40.securewebsession.com/timetogoveggie.com/vvfshop/phpinfo.php)

So I should:

1. Copy the folder ".gnupg" (which contains gpg.conf) from the root of my website into a new folder called "gnupg-files".

2. Then go to PuTTY command line and type:

cp -rav $HOME/.gnupg .

3. Then in PuTTY type:

chown -R apache ./gnupg-files/.gnupg

4. Then in PuTTY type:
system("usr/bin/gpg --homedir ./gnupg-files/.gnupg --encrypt -ao $crypted -r 'Rhiannon <rhiannon@viva.org.uk>' $plainTxt")
0
tty2Commented:
1. Copy the folder ".gnupg" (which contains gpg.conf) from the root of my website into a new folder called "gnupg-files".

No. There is no need to do that.

2. Then go to PuTTY command line and type: cp -rav $HOME/.gnupg .

"." means "current directory". What is the current directory for php, which you see in phpinfo (include_path), and for shell, in which you are working when you connect via ssh with putty? They may differ.
Better copy to /usr/local/php/

cp -rav $HOME/.gnupg /usr/local/php/

3. Then in PuTTY type: chown -R apache ./gnupg-files/.gnupg

chown -R apache /usr/local/php/.gnupg

4. Then in PuTTY type: system("usr/bin/gpg --homedir ./gnupg-files/.gnupg --encrypt -ao $crypted -r 'Rhiannon <rhiannon@viva.org.uk>' $plainTxt")

It is not in putty. In putty everything works, as you wrote above (yes?). It is the problematic php command which you mentioned at the beginning. It must be

system("/usr/bin/gpg --homedir /usr/local/php/.gnupg --encrypt -ao $crypted -r 'Rhiannon <rhiannon@viva.org.uk>' $plainTxt")
 
0
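
The `--homedir` approach from the answer above, as an added shell example that is not any participant's code: it builds a separate keyring holding only the recipient's public key (encryption does not need `secring.gpg`) and checks a gpg home directory for the two problems visible in the `ls -la $HOME/.gnupg` listing earlier, a directory open to group/other and secret-key material present. The directory `$HOME/gnupg-web` and the function names are assumptions; because the `id` output shows PHP running under the same UID as the shell login, no `chown` is involved.

```shell
#!/bin/bash
# Added example (not from the thread). WEB_GPG_HOME is an assumed path inside
# the hosting account and outside the web root; adjust to your layout.
WEB_GPG_HOME="${WEB_GPG_HOME:-$HOME/gnupg-web}"
RECIPIENT='Rhiannon <rhiannon@viva.org.uk>'

# Build a keyring that holds only the recipient's public key. Encrypting never
# needs the secret key, so it is not copied to the directory PHP reads.
make_web_keyring() {
    mkdir -p "$WEB_GPG_HOME" && chmod 700 "$WEB_GPG_HOME" || return 1
    gpg --armor --export "$RECIPIENT" |
        gpg --homedir "$WEB_GPG_HOME" --batch --import
}

# The gpg call from the PHP system() line, pointed at that keyring.
# --batch/--no-tty: no terminal under PHP; --trust-model always: the freshly
# imported key carries no ownertrust and batch mode cannot ask about it.
encrypt_for_recipient() {   # usage: encrypt_for_recipient plain.txt out.asc
    gpg --homedir "$WEB_GPG_HOME" --batch --no-tty --trust-model always \
        --armor --output "$2" --recipient "$RECIPIENT" --encrypt "$1"
}

# Print one finding per line for a gpg home directory; return 1 if any.
audit_gpg_home() {
    dir=$1; rc=0
    # Characters 5-10 of `ls -ld` are the group and other permission bits.
    if [ "$(ls -ld "$dir" | cut -c5-10)" != "------" ]; then
        echo "DIR_ACCESSIBLE_TO_OTHERS"; rc=1
    fi
    # secring.gpg (GnuPG 1.x/2.0) or private-keys-v1.d (2.1+) with content.
    if [ -s "$dir/secring.gpg" ] ||
       [ -n "$(ls -A "$dir/private-keys-v1.d" 2>/dev/null)" ]; then
        echo "SECRET_KEY_MATERIAL_PRESENT"; rc=1
    fi
    return $rc
}
```

In the PHP call, pass the same `--homedir`, `--batch`, `--no-tty` and `--trust-model always` options, and wrap `$crypted` and `$plainTxt` in `escapeshellarg()`.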

Daizzy-MaeAuthor Commented:
Thank you so much for your help and patience.

I understand what you have said now.

Unfortunately I have read only permission on the /usr/local/php/ folder as I am on shared hosting.

I am on bash so the chown command will not work (I am currently Googling for an alternative!).

Thank you again!
0
Daizzy-MaeAuthor Commented:
Thank you for your very in-depth knowledge and patience.
0