Hidden Directories

XN85Turbo

I am trying to do a "fwrite" to a file in a hidden directory. Actually I am building an interface for loading ssh keys into the users .ssh directory

/home/user/.ssh/authorized_keys2

I can write to the file if it is in;

/home/user/ssh/authorized_keys2

any ideas on how to do this correctly. I'm thinking if it wont let me, to move the dir to a non hidden dir, write the file, then move it back. But I am looking for a simpler solution.

kburger

It's hard to guess without seeing your code, but it sounds like it's the '.' that's throwing things off. Try escaping the '.' A directory is a directory. There's nothing hidden about it from PHP's perspective.

It might also be a permissions problem, especially considering it's the ~/.ssh directory. Only the owner should be able to write to that directory (or read from, for that matter). What's the error message?

dewen

make sure your apache web server running as a user that has write permission to
/home/user/.ssh/

check your httpd.conf

wilku

and make sure you don't post the same question in more then one forum 😉

XN85Turbo

The only way I was able to get it to work was by moving the folder, which I wish I didn't have to do.

dewen: In linux to get a user to do something as someone else you implement sudo 🙂. Because apache runs as "nobody" look in your httpd.conf.

code:

<?php
//if(!empty($GET)) extract($GET);
if(!empty($POST)) extract($POST);

// Get info from POST
$user = $POST['username'];
$pass = $POST['password'];

//move hidden directory .ssh
$move = exec ("sudo mv /home/$user/.ssh /home/$user/ssh");

//Change file permissions to write ALL
$write = exec ("sudo chmod 666 /home/$user/ssh/authorized_keys2");
$write2 = exec ("sudo chmod 777 /home/$user/ssh");

//Write user ssh key into ssh/authorized_keys2 file
$filename = ("/home/$user/ssh/authorized_keys2");

$somecontent = "$pass\n";

// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {

if (!$handle = fopen($filename, 'a')) {
echo "Cannot open file ($filename)";
exit;
}

// Write $somecontent to our opened file.
if (fwrite($handle, $somecontent) === FALSE) {
echo "Cannot write to file ($filename)";
exit;
}

// echo "Success, wrote ($somecontent) to file ($filename)";

fclose($handle);

} else {
echo "The file $filename is not writable";
}

//Change file permissions back

$write3 = exec ("sudo chmod 600 /home/$user/ssh/authorized_keys2");
$write4 = exec ("sudo chmod 700 /home/$user/ssh");
$move2 = exec ("sudo mv /home/$user/ssh /home/$user/.ssh");

header("Location: success2.php");
?>

dewen

I'm not familiar with it, but how do you configure the sudo for nobody?

XN85Turbo

Try looking at /etc/sudoers and you will see. For example if you wanted the group "nobody" to be able to run all commands as root (sudo) you would put this in the sudoers file;

nobody ALL=(ALL) NOPASSWD: ALL

now what each line means;

nobody = group
ALL = machines like localhost etc...
=(ALL) = commands like /sbin/shutdown -h now
NOPASSWD: ALL = no password needed

Play with it you will see. I know this because I let regular users execute a few commands as root without giving them root access to the whole machine.

dewen

Thank you for the explain. I tried following code on my machine:

 
var_dump(is_file('/home/dewen/.ssh/x'));
echo '<BR>';
var_dump(is_readable('/home/dewen/.ssh/x'));
echo '<BR>';
var_dump(is_writable('/home/dewen/.ssh/x'));
$fp = fopen("/home/dewen/.ssh/x", "w");	
$line = 'xyz';
fwrite($fp, $line);
fclose($fp);

it works so I think hidden dir should not be a place where you looking for problem. May be sudouser or sushiuser

XN85Turbo

This is how I did it to make it work: Your code works like a champ.

code:

<?php
if(!empty($POST)) extract($POST);

// Get info from POST
$user = $POST['username'];
$ssh = $POST['sshkey'];

//Change file permissions to write ALL
$write = exec ("sudo chmod 666 /home/$user/.ssh/authorized_keys2");
$write2 = exec ("sudo chmod 777 /home/$user/.ssh");

var_dump(is_file("/home/$user/.ssh/authorized_keys2"));
echo '<BR>';
var_dump(is_readable("/home/$user/.ssh/authorized_keys2"));
echo '<BR>';
var_dump(is_writable("/home/$user/.ssh/authorized_keys2"));
$fp = fopen("/home/$user/.ssh/authorized_keys2", 'a');
$line = "$ssh\n";
fwrite($fp, $line);
fclose($fp);

//Change file permissions back to original
$write3 = exec ("sudo chmod 600 /home/$user/.ssh/authorized_keys2");
$write4 = exec ("sudo chmod 700 /home/$user/.ssh");

//Change file and owner permissions since Apache runs as "nobody"
$chown = exec ("sudo chown $user /home/$user/.ssh/authorized_keys2");
$chgrp = exec ("sudo chgrp \"Domain Users\" /home/$user/.ssh/authorized_keys2");
?>