
I have been struggling for three days now to execute a bash script using PHP. The setup is as follows: PHP on the local machine ---> using the AWS SDK for PHP ---> starts an EC2 instance. This works. After getting the EC2 instance running, I am using

exec("bash /var/www/html/pushDatToAWS.sh")

This bash file is on my local machine, has 777 permissions and is owned by user:www-data. To provide AWS credentials to PHP I am using the following code:

config.php

<?php
define("KEY", 'abcde');
define("SECRET", 'secret');   // fixed: the original line had a stray ":" in place of the closing quote
define("REGION", 'region');
define("VERSION", 'version');
?>

connectToAWS.php

<?php
require('config.php');
require 'vendor/autoload.php';
use Aws\Ec2\Ec2Client;

$ec2Client = new Ec2Client([
    'region' => REGION,
    'version' => '2016-11-15',
    'credentials' => [
        'key'    => KEY,
        'secret' => SECRET
    ],
]);

$action = 'START';

$instanceIds = array('i-abcde');

if ($action == 'START') {
    $result = $ec2Client->startInstances(array(
        'InstanceIds' => $instanceIds,
    ));
} else {
    $result = $ec2Client->stopInstances(array(
        'InstanceIds' => $instanceIds,
    ));
}

This code works correctly. I am able to connect to AWS and start the instance. After starting the instance, I try to execute the bash script, which fails:

exec("bash /var/www/html/pushDatToAWS.sh >> $trainLog");

pushDatToAWS.sh

#!/bin/bash
ipad='12.345.543.21'
# dirName is used below but is not defined anywhere in this script as posted;
# it has to be set before the loop runs.

while true; do
    echo "Checking for Working directory status"
    if ssh -i /var/www/html/IRISONTHECLOUD_OREGON.pem "ubuntu@$ipad" "bash /home/ubuntu/irisbuilder/checkWorkingDir.sh $dirName"; then
        echo 'Working directory status check complete'
        break
    fi
    sleep 1
done

The pem file has mode 400 and is owned by username:www-data. However, I am getting the error:

Load key "/var/www/html/IRISONTHECLOUD_OREGON.pem": Permission denied
ubuntu@12.345.543.21: Permission denied (publickey).

I found an AWS developer blog speaking about a similar problem here. Going by the suggestion given by the developer, I have added the following to my pushDatToAWS.php

putenv('AWS_DEFAULT_REGION=' . REGION);
putenv('AWS_ACCESS_KEY_ID=' . KEY);
putenv('AWS_SECRET_ACCESS_KEY=' . SECRET);

before calling exec(bash ...). I have been trying so many options that I lost count of them, but I could not trigger the bash script using PHP. Can someone provide me with a workable example? I even tried hard-coding the key and secret in the PHP file, but it still did not work beyond starting the EC2 instance. However, the entire bash script works perfectly when I execute it manually from the terminal.

2 Answers


As you noted, your problem is situated here:

Load key "/var/www/html/IRISONTHECLOUD_OREGON.pem": Permission denied

You said that your script is running as "user:www-data" and the PEM file has permissions 400 for "username:www-data"? I'm guessing there's a typo and both are set for the same user (username != user).

Your bash script appears to be able to run, so directory level permissions seem to allow listing contents of the "/var/www/html/" directory.

Next best guess is you moved the PEM file from a directory outside of "/var/www" to the "/var/www/html/" directory, which preserved SELinux labels of the original directory. This could be blocking your WebServer process from reading the PEM file. You can check this by comparing the PEM file SELinux labels versus the directory it is in:

ls -laZ /var/www/html/IRISONTHECLOUD_OREGON.pem
ls -laZ /var/www/html

Then if it is the wrong SELinux labels, you can set the PEM file SELinux labels simply by referencing the "/var/www/html" directory:

chcon -R --reference=/var/www/html /var/www/html/IRISONTHECLOUD_OREGON.pem

If this does fix your issue, then you should also think about what changing this SELinux label implies for the security of this SSH key (e.g. other scripts running on the server).


3 Comments

Thank you... I never knew anything that you are suggesting... I did try ls -laZ with and without the pem file... the output for the .pem file was exactly the same; the first line printed only for the pem file while the second one printed all the files in the folder. However, the details pertaining to the pem file were the same. I tried changing the context and got the message chcon: failed to get security context of '/var/www/html': No data available. I don't know how to read this.
yes, the script is running as user. The user name is iris. I could run the bash script from my terminal without any issues.
Thank you... I finally got it working. Apparently, I need to set the ownership to www-data:www-data for both the bash and the PHP script. The setting of username:www-data failed. Thank you for all the help.

I am just posting this answer to complete this question and believe it might come in handy to someone who is testing these tools for the first time.

To run the bash script on EC2 instance from a local PHP file, one needs to perform the following:

  1. Wherever you have the pem file, give ownership of the file to www-data:www-data.
  2. Change the mode to 400.
  3. Use the AWS SDK for PHP. The basic code given in the documentation (also in the question here) works without a problem.
  4. Once you have started the AWS instance, use the bash script to run all your programs.
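The recurring point in both answers is that the key has to be usable by the user PHP's exec() actually runs as (www-data), not by the user who tested the script in a terminal. The following preflight script is an added example, not code from the question or either answer: it checks readability, ownership and mode of a key file as seen by the invoking user, and reports a differing SELinux label as a warning (the diagnosis suggested in the first answer). It assumes GNU coreutils `stat`; the file paths and the placeholder key it creates in its demo are constructed.

```shell
#!/bin/sh
# Added example (not from the question or the answers): preflight check that an
# SSH private key is usable by the user running this script, which is what
# matters when PHP's exec() launches ssh as www-data. Assumes GNU coreutils
# stat (formats %a, %U, %C).

# 0 when no group/other permission bits are set; ssh refuses keys that are
# readable by group or others ("Permissions 0644 ... are too open").
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# 0 when the file owner is the user running this check.
key_owned_by_me() {
    [ "$(stat -c '%U' "$1")" = "$(id -un)" ]
}

# 0 when the file's SELinux context equals its directory's, or when the system
# has no SELinux at all (stat prints "?" for the context).
selinux_label_matches_dir() {
    fctx=$(stat -c '%C' "$1")
    dctx=$(stat -c '%C' "$(dirname "$1")")
    [ "$fctx" = "?" ] || [ "$fctx" = "$dctx" ]
}

# Runs all checks, prints one line per finding, and returns 0 only if the key
# is readable, owned by the current user and has a safe mode. A differing
# SELinux label is only a warning, since labels can legitimately differ.
check_ssh_key() {
    key=$1
    rc=0
    if [ ! -r "$key" ]; then
        echo "FAIL: $key is not readable by $(id -un)"
        rc=1
    fi
    if ! key_owned_by_me "$key"; then
        echo "FAIL: owner is $(stat -c '%U' "$key" 2>/dev/null), expected $(id -un)"
        rc=1
    fi
    if ! key_mode_ok "$key"; then
        echo "FAIL: mode $(stat -c '%a' "$key" 2>/dev/null) is too open, use 400 or 600"
        rc=1
    fi
    if ! selinux_label_matches_dir "$key"; then
        echo "WARN: SELinux label $(stat -c '%C' "$key") differs from its directory (compare with ls -laZ)"
    fi
    [ "$rc" -eq 0 ] && echo "OK: $key is usable by $(id -un)"
    return "$rc"
}

# Demo on a constructed placeholder file (not a real key) in a temp directory:
# first with the mode ssh rejects, then with mode 400.
demo() {
    d=$(mktemp -d)
    k="$d/example.pem"
    printf 'CONSTRUCTED PLACEHOLDER, NOT A REAL KEY\n' > "$k"
    chmod 644 "$k"
    echo "--- mode 644"
    check_ssh_key "$k" || true
    chmod 400 "$k"
    echo "--- mode 400"
    check_ssh_key "$k" || true
    rm -rf "$d"
}

demo
```

To reproduce what PHP sees, run the check as the web server user, e.g. `sudo -u www-data sh check_key.sh /var/www/html/IRISONTHECLOUD_OREGON.pem` (call `check_ssh_key "$1"` instead of `demo` for that use). A key owned by another user with mode 400 fails the readability check even though the mode looks right, which is exactly the situation in the question.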
