[nycphp-talk] Can't do PHP 'exec' for an rsync command via web server
Greg Rundlett (freephile)
greg at freephile.com
Mon Jun 25 14:51:39 EDT 2012
Although it's a bit confusing, the man page for rsync describes how to
invoke SSH to as your remote shell, and the manpage for SSH describes how
to do key-based authentication. Taken together, these methods can help
when a normal user environment is not present (e.g. in a web script, or
from cron). This webpage offers a good explanation of HOWTO
http://troy.jdmz.net/rsync/index.html
Greg Rundlett
On Mon, Jun 25, 2012 at 1:14 PM, Daniel Convissor <
danielc at analysisandsolutions.com> wrote:
> Hi David:
>
> > It was very wise of Hans to also recommend to create
> > /home/apache instead of using the default /var/www because a nasty user
> > could have easily accessed the .ssh directory there and gotten the
> > public/private keys, and the known hosts.
>
> Well, they still do. Though the attacker would have to be able to
> add/edit a script on your server, putting in code that reads the
> files from the /home/apache dir.
>
> --Dan
>
> --
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show-participation
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20120625/c36291a0/attachment.html>
More information about the talk
mailing list