Having issues with PHP Exec

[ruuz]

Hello friends,

I am having a serious headache with one command that I want to execute via PHP Exec.

The scenario is that I have a gpg file that is encrypted by the sender.

I want to decrypt it with this command.

gpg -d -o /home/username/public_html/data/output.zip /home/username/public_html/encrypted/input.zip.gpg

Now both this directories have permissions set to 777

The input file does exists at the given path. The output folder also exists.

If I run the command via SSH in putty. Then it works nice and it does decrypts the file and gives me the output.zip

Only problem is I can't run the same thing via PHP Exec.

Hoping that someone will help me here. I have tried almost all ways that I knew

Thanks.

 

[eth00]

You need to use permissions other then 777, that is going to cause it to fail. Try lowering the permissions to 755 and you should be fine. Since you run the commands as the user instead of nobody you don't need the full 777

 

[ruuz]

Hmm It says there was a problem on line 136. Where it is trying to write the file.

With 755 it is not working

 

[Spiral]

First off, I think you might be a little confused as you said "PHP SuExec" but that is very old and not used very much these days.

It is more likely that you are running SuPHP which is quite different ...

In either case, your mistake is following the script instructions incorrectly
telling you to set files or folders to permission 777. The script author
assumed in their instructions that you were running PHP insecurely as
a DSO (Apache module) under the user "nobody" instead of as a CGI
under phpSuExec or SuPHP.

With either of these, you CANNOT have any
file or folder set to permission 777 or 666 and you don't need it either!

Under the old phpSuExec, you can set script permissions as tight as 750
and the typical permission setting for most scripts is 755.

Under SuPHP, you can set script permissions as tight as 400 and the
typical permission setting is 644 or 640.

Your web folders (directories) should be set to permission 755

Use what I told you above and disregard the instructions of any script
that tells you that you should set the permissions to 777. That is wrong!

Hmm It says there was a problem on line 136. Where it is trying to write the file.

You would need to look at line #136 of your script file and see what is happening there.

Some script authors stupidly check to see if a script is 777 instead of just checking to see if they
are actually able to write to a file and if that is the call that is being made, you should bypass the code.

In your GPG code example in your first post, you were using paths and system calls that may be restricted
by the current settings of your PHP.INI file (Usually in /usr/local/lib). You may want to check your settings.

NOTE: You also need to make sure that your script files are owed by the account owner and not user 'nobody'.

 

[ruuz]

God Nothing works.

Here is my php code to be exact.

<?php
$command = "gpg -d -o /home/username/public_html/data/output.zip /home/username/public_html/encrypted/input.zip.gpg";

$a = exec("$command");

echo "$command<br />";

echo "<pre>$a</pre>";
?>

Checklist till now :
Safe mode = CHECKED and it is OFF
CHOWN & CHMOD = Tried all combinations.
Folders = Tried all permissions.

Do you think I am messing up with the command itself? somewhere?

Thanks a lot for all your help I really appreciate it.

 

[ruuz]

Tried more things.

Some more info:

I created the key from SSH as root.

Gave the user "one" and password for that fingerprint

I went into SSH and tried su - to other users.

None works except root. When I am root I can decrypt the file.

So does that means PHP cannot decrypt this file and only root user can decrypt it?

Thanks a lot