
View Full Version : Running SSH Commands via PHP
sikkhost 01-28-2005, 03:50 AM Well, what I would like to accomplish is to be able to log in under a user with the user's username and password and then run multiple ssh commands. If the command runs successfully I want it to be able to display a message saying so, and if not I need to make it say error or something. I am just trying to get the basics of this working since I get how to run stuff in ssh files now, just not in php! All your help is GREATLY appreciated! Thanks!
error404 01-28-2005, 04:08 AM You'll probably want to look into the proc_open() (http://ca3.php.net/proc_open) function to implement something like this. It's not the simplest function to understand, especially if you don't fully understand standard in, standard out, standard error, pipes, how processes run on a unix machine, etc. If you want to log in as a user, you'll need to actually ssh to the loopback (php doesn't use 'ssh' to run shell commands, and anything run as php will run as the user the web server runs as). Also, be *extremely* careful with security with something like this. In fact, I'd strongly recommend you *not* attempt anything of the sort. Just use an SSH client.
Jason.NXH 01-28-2005, 05:44 AM Check out the shell_exec() command. I'm not sure about using it but you could give it a shot.
Go to http://au2.php.net/shell_exec
sikkhost 01-28-2005, 10:51 AM Thanks. When using the shell_exec(); script, who am I logged in under? What user? How would I go about changing user using loopback? You said that php doesn't run ssh, so you mean there is no way to run ssh commands? Well, then how do all the game cp's that are programmed in php work?
gogocode 01-28-2005, 12:30 PM Originally posted by livewireh
You said that php doesn't run ssh, so you mean there is no way to run ssh commands? Well, then how do all the game cp's that are programmed in php work?
You have a fundamental misunderstanding of what SSH, indeed what a shell is.
SSH is a protocol, nothing more, for communicating securely from a local machine to a remote machine. Typically you would use this link to pipe the input and output of your SHELL over so that you can use that SHELL to execute both shell builtins and executable programs on the remote machine.
You don't use "ssh commands", you call shell commands/execute external programs through the shell which you access via SSH.
shell_exec(), popen, backtick operators, passthru etc. are all means of executing programs from PHP. They will execute under whatever user PHP is running as (which would generally, but not always, be whatever user the webserver is running as).
innova 01-28-2005, 12:55 PM Here's the problem (BTW it's parade-raining time):
You want to execute commands as a given user. However, odds are that your php / web environment is run as either nobody, or perhaps apache user.
So, you either have to:
1) Grant nobody/apache/whatever user full access to your files. Technically, chmod 0755 would probably work for executables, but most executables write output to something (log file, etc). Thus, you would probably need write access as well.
I will leave it to you to think about the ramifications of doing so.
2) You might consider using sudo for something like this.
Either way.. I wouldn't do it. All it would take is one tiny overlooking of user input to potentially 0wn your machine.
Best way to do it?
I would code a custom daemon in C that listens for predefined commands. Run that daemon as the user you need to execute the commands as, and have your frontend talk to it via whatever scripting language you use (php, perl, etc).
This way, if someone were to exploit your soft input checking, at least they wouldn't have free rein on the server to type whatever shellcode they wanted to. At best, depending on what commands you allow or define, they may be able to affect only the processes you are trying to control, not ALL the processes on the box (potentially).
Hope that helps. I didn't say it will be easy though.
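An added example (not code from any poster in this thread) of the core of the daemon innova describes above: the client's request is matched exactly against a fixed table, the matching program is run with execv() rather than through a shell, and its exit status is returned so the frontend can report success or error. The command names and the /bin/true and /bin/false stand-ins are constructed for illustration, and handle_request() is a hypothetical name for what the daemon would call on each request it reads from its socket.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* One allowlist entry: the word a client may send and the exact argv it maps to. */
struct allowed_cmd { const char *name; char *argv[3]; };

/* Constructed table. /bin/true and /bin/false stand in for the real programs,
 * which would be listed here by absolute path with fixed arguments. */
static struct allowed_cmd ALLOWED[] = {
    { "check-ok",   { "/bin/true",  NULL } },
    { "check-fail", { "/bin/false", NULL } },
};

/* Exact match only: a valid name with extra text appended is rejected. */
static struct allowed_cmd *lookup_command(const char *request)
{
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strcmp(request, ALLOWED[i].name) == 0)
            return &ALLOWED[i];
    return NULL;
}

/* Returns the program's exit status (0 = success), or -1 if the request was
 * rejected, fork failed, or the child did not exit normally. */
int handle_request(const char *request)
{
    struct allowed_cmd *cmd = lookup_command(request);
    if (cmd == NULL)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(cmd->argv[0], cmd->argv); /* no shell: client text never reaches argv */
        _exit(127);                     /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    const char *reqs[] = { "check-ok", "check-fail", "check-ok; id" }; /* constructed input */
    for (size_t i = 0; i < 3; i++)
        printf("%-14s -> %d\n", reqs[i], handle_request(reqs[i]));
    return 0;
}
```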
Angelo 01-28-2005, 01:23 PM I assume writing custom C code to listen on a specific port, daemonized, is an advanced job, right? I am mostly into perl, php systems and have a very basic knowledge of C. These types of software will need fork operations, as I remember. If that's not too much of a headache, I would like to do some research on it :)
livewireh:
For the php shell commands, you can use phpsuexec to run php files under the user id that owns the file.
innova 01-28-2005, 01:44 PM "I assume writing custom C code to listen on a specific port, daemonized, is an advanced job, right?"
Not to someone who codes in C all day :)
"I am mostly into perl, php systems and have a very basic knowledge of C."
I only refer to C for its portability and lack of external requirements. You could surely write a daemon in perl or php even that would function as a socket listener for this purpose.
"These types of software will need fork operations, as I remember."
Not really sure on that. I developed a prototype using php's socket functions that I am currently converting to C that does something similar to what I suggested. I am not doing the C coding however, so I can't really comment on that.
Send me a PM and perhaps we can talk about this further - it's a very handy method for developing all sorts of client-server apps.
"For the php shell commands, you can use phpsuexec to run php files under the user id that owns the file."
True enough. The security issues with allowing free ssh commands are still pretty bad though. Also, this requires that you have php / apache / phpsuexec installed on all your client machines, which is neither necessary nor efficient.
Angelo 01-28-2005, 04:01 PM I am not sure of the performance or stability of them. I was experimenting with a control panel GUI for myself. It seems not professional enough when I compare it to the ones on the market, so that's why I was interested in building servers in C. Maybe that's just my apprehension. :)
"I only refer to C for its portability and lack of external requirements. You could surely write a daemon in perl or php even that would function as a socket listener for this purpose."
innova 01-28-2005, 07:02 PM I can understand where you are coming from.
From what I understand of php's socket mechanism, its socket server functions are pretty much what are available in C anyway. Makes prototyping very fast.. I expect that someone with a good knowledge of C should be able to quickly code up something from my prototype.
My reason for not using php, though it works fine, is simply the extra overhead and installation burden it imposes. Nothing more.
Jason.NXH 01-28-2005, 07:21 PM livewireh: I believe you are logged under the user that the script is stored by. So if you uploaded the PHP file as root, it's owned by root so you are root when you use it.
But I'm not 100% sure as I haven't used it.
innova 01-29-2005, 01:39 AM No that is not correct.
1) You don't upload as root. Bad idea...
2) The script owner is beside the point in this case. It is executed as the user php is running as, and unless he is using phpsuexec that would be either nobody or maybe apache.
Jason.NXH 01-29-2005, 01:49 AM innova, that was just an example of what livewireh asked
simscripts 01-29-2005, 02:54 PM Originally posted by Jason.NXH
livewireh: I believe you are logged under the user that the script is stored by. So if you uploaded the PHP file as root, it's owned by root so you are root when you use it.
But I'm not 100% sure as I haven't used it.
If you upload a file when you are logged in on ftp as root then that file is owned by root, but this does not necessarily mean that if another user on the system runs that file it will run with root permissions. The file will need to have the suid (set user id) bit set in order to work like this.
PHP scripts usually run with the nobody/apache/httpd user on most Linux systems, unless you are running the script on a virtual host that uses phpsuexec.
innova 01-29-2005, 05:39 PM thanks for repeating what I said :)