How do I from a PHP script scp a file from a remote server ?
I have tried shell_exec("scp remote:file dir") but that does not work because user apaache does not have a shell associated on the remote server, and can therefore not do ssh.
I have tried to create a Copy.sh setuid script created as user1 and use shell_exec("Copy.sh file dir"). However the Apache server (or PHP?) is not changing the uid when Copy.sh is executing despite the setuid flag.
This article
https://serverfault.com/questions/7589/how-do-you-run-a-php-script-as-the-files-owner-rather-than-as-the-webserver-us
advices to install suPHP, which I seem not have installed. Is that the way to go ? I have mod_suexec installed, but this module seems only to be able to change uid of the PHP script itself. Can it be (ab)used to do what I want ?
Perhaps there is a way to supply the ssh keys of user1 to the PHP script, so it can do the copy ?
You can specify in scp which remote-user should be used to connect:
scp someusername@remote:file dir
If you want to run this as Apache-user, you will need to add the PubKey of Apache to the authorized_keys file of someusername on remote.
If Apache-user never connected to remote via SSH before, it may not trust the HostKey. You should add it to the known_hosts file of the user, for example by interactively (in a shell) connecting to remote as Apache-user and typing yes when asked. Or disable the checks using StrictHostKeyChecking=no, however this has security implications.