PHP 执行 pgp 命令
我想使用 PHP 来“执行”pgp 加密命令。 无论命令行如何,我都会收到 err 64(解析器错误)或 162(编码期间完全失败)。 因此,我将 PHP 程序中的命令行简化为这个简单的指纹显示,但仍然会出错:
exec("/opt/pgp/bin/pgp --fingerprint", $results);
如果我在命令行上运行“/opt/pgp/bin/pgp --fingerprint”,我会得到“找到 2 个密钥”,并且预期的显示。 但是 PHP 下的同一个 exec 给了我解析器错误 64。我已经尝试过“\n”到字符串命令,但这没有什么区别。 用户在浏览器中以“nobody”身份运行,该浏览器对 pgp 具有执行权限。 (如果 pgp 至少没有启动,我什至不会从中看到“解析器错误”。)
为了在 PHP 下运行 pgp,我需要做一些特殊的事情吗?
我又回去尝试实际加密数据文件。 这是 pgp 创建的“状态文件”输出。 它清楚地显示了我尝试加密“test.txt”的文件的最后一行“权限被拒绝”的错误。 那是假的。 我已授予该文件所有的读写权限,并且它显然可以访问它,因为状态表明它已加密内容。 所以,真正的问题是什么许可被拒绝?
其他一些信息:如果我从命令行针对这个调用 pgp 的 PHP 脚本运行 PHP,它工作正常 - 文件被加密。 另外,当从浏览器调用时,PERL 运行相同的命令(使用 SYSTEM())。 但是,当浏览器用于调用此 PHP 脚本时,它会失败。 显然,以“无人”身份运行存在一些权限问题。
/export/home/pgphome/.pgp/pubring.pkr:打开密钥环(1006:公钥环) /export/home/pgphome/.pgp/secring.skr:打开密钥环(1007:私有密钥环) 0x221DC947:加密(1030:密钥已添加到收件人列表) /export/home/eckankar/dev/www/info/test.txt:加密(3048:使用密码 AES-128 加密的数据) /export/home/eckankar/dev/www/info/test.txt:加密(3124:权限被拒绝)
这里的背景是 PHP exec() 命令的参数: /opt/pgp/bin/pgp --加密 /export/home/eckankar/dev/inc/test.txt --输出 /export/home/eckankar/dev/www/info/test.xxx -r 成员资格 --overwrite删除 --home-dir /export/home/pgphome/.pgp -v --status-file /export/home/eckankar/dev/inc/test.txt.err
此命令中的所有文件夹/目录已授予 'rwx ' 致全世界。
这是加密成功时状态输出文件的样子,就像从命令行 (/opt/csw/php5/bin/php test.php) 运行而不是通过浏览器运行一样:
pgp:encrypt (3157:current当地时间2009-06-30T11:51:17-05:00) /export/home/pgphome/.pgp/pubring.pkr:打开密钥环(1006:公钥环) /export/home/pgphome/.pgp/secring.skr:打开密钥环(1007:私有密钥环) 0x221DC947:加密(1030:密钥已添加到收件人列表) /export/home/eckankar/dev/inc/test.txt:加密(3048:使用密码 AES-128 加密的数据) /export/home/eckankar/dev/inc/test.txt:加密(0:输出文件/export/home/eckankar/dev/inc/test.txt.pgp)
I am want to use PHP to 'exec' a pgp encryption command. Regardless of the command line I get either a err 64 (parser error) or 162 (complete failure during an encode). So I have reduced the command line within the PHP program to this simple fingerprint display which stills errs out:
exec("/opt/pgp/bin/pgp --fingerprint", $results);
If I run "/opt/pgp/bin/pgp --fingerprint" on a command line I get "2 keys found" and the expected display. But the same exec under PHP gives me the parser error 64. I have tried "\n" to the string command and that does not make a difference. The user runs as 'nobody' in the browser which does have execute permission on pgp. (If pgp was not at least starting up I would not even see the 'parser error' from it.)
Is there something special I need to do in order to run pgp under PHP?
I have gone back to trying to actually encrypt a data file. Here is the 'status-file' output that pgp creates. It clearly shows an error on the last line of 'permission denied' on the file I am trying to encrypt 'test.txt'. That is bogus. I have granted all the world r/w to that file and it clearly accesses it becuase the status says it has encrypted the contents. So, really the question is what is permission being denied to?
Some other info: if I run PHP from the command line against this PHP script which calls pgp it works fine - the file gets encrypted. ALso, PERL runs the same commands (using SYSTEM()) when called from the browser. BUT, when the browser is used to call this PHP script it fails. Clearly, there is some permission problem running as 'nobody'.
/export/home/pgphome/.pgp/pubring.pkr:open keyrings (1006:public keyring)
/export/home/pgphome/.pgp/secring.skr:open keyrings (1007:private keyring)
0x221DC947:encrypt (1030:key added to recipient list)
/export/home/eckankar/dev/www/info/test.txt:encrypt (3048:data encrypted with cipher AES-128)
/export/home/eckankar/dev/www/info/test.txt:encrypt (3124:permission denied)
As background here is the argument of the PHP exec() command:
/opt/pgp/bin/pgp --encrypt /export/home/eckankar/dev/inc/test.txt --output /export/home/eckankar/dev/www/info/test.xxx -r membership --overwrite remove --home-dir /export/home/pgphome/.pgp -v --status-file /export/home/eckankar/dev/inc/test.txt.err
ALl the folder/directories in this command have granted 'rwx' to the world.
Here is what the status output file looks like when the encrypt succeeds as it does if run from a command line (/opt/csw/php5/bin/php test.php) rather than through the browser:
pgp:encrypt (3157:current local time 2009-06-30T11:51:17-05:00)
/export/home/pgphome/.pgp/pubring.pkr:open keyrings (1006:public keyring)
/export/home/pgphome/.pgp/secring.skr:open keyrings (1007:private keyring)
0x221DC947:encrypt (1030:key added to recipient list)
/export/home/eckankar/dev/inc/test.txt:encrypt (3048:data encrypted with cipher AES-128)
/export/home/eckankar/dev/inc/test.txt:encrypt (0:output file /export/home/eckankar/dev/inc/test.txt.pgp)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
答案是:需要在命令行中指定一个--temp-dir。
Answer is: need to specify a --temp-dir in the command line.
该 PHP 脚本在什么执行上下文中运行? 交互式命令行、cron 作业、Web 服务器(我希望不是)?
根据这个问题的答案,我可能会开始查看 PGP 所依赖的环境变量,这些变量在从该脚本运行时未设置。
What execution context is this PHP script running in? Interactive command line, cron job, Web server (I do hope not)?
Depending on the answer to that, I might start looking at environment variables that PGP depends on which aren't set when it runs from this script.
我知道这已经很旧了,但我只是被它咬住了。 (pgp 8.5)
正如 Jim Thomas 所说,这是一个目录权限问题。 但至少 pgp 8.5 不允许你以我能看到的任何方式设置 tmpdir。
我的解决方案(伪代码):
奇怪的是 pgp 强制在 cwd 中创建 tmp 目录,但我没有看到任何标志影响位置。
I know this is old, but I just got bit by it. (pgp 8.5)
As Jim Thomas said, this is a directory permission issue. But at least pgp 8.5 doesn't allow you to set tmpdir in any way I can see.
My solution (pseudocode):
Odd that pgp forces the tmp dir to be created in cwd, but I saw no flag to affect location.