Execute SSH commands using PHP

[TonyK]

Hi,

I am trying to create a PHP script ("repair-correct.php") in order to run some CLI commands without using PuTTy - The CLI commands are needed to repair/correct the execution of a web application named Mautic.

Shared web host account with PHP 7.0

URL: https://www.myserver.com

Mautic directory: https://www.myserver.com/mautic

 

What I want to do is:

Step1: Change ownership of files and folders
The files and folders could be owned by the wrong user. Thus I continue to experience errors even with the correct file and folder permissions. This is because the user may not have the permission (as they are not the owner of the files/folders) that is required.

To find out which user Apache is running as, I want to execute the following command and take note of the first entry in the line which is returned:

ps aux | grep apache2

I want to use this information to find the groups with the following command

groups apache_user

(where apache_user is the user I identified from the first step above)

To reset the ownership of files and folders, I want to use the following command (ensuring that I replace apache_user and apache_group with the values identified in the steps above):

sudo chown -R apache_user:apache_group

With this command I want to change ownership, using the -R flag which means recursively - including all files/folders within that location.

 

Step 2: Reset the file and folder permissions
Some of the file and folder permissions are incorrect, I want to run the following commands to reset them

find . -type f -not -perm 644 -exec chmod 644 {} +
find . -type d -not -perm 644 -exec chmod 755 {} +
chmod -R g+w app/cache/ app/logs/ app/config/
chmod -R g+w media/files/ media/images/ translations/
rm -rf app/cache/*

 

Thanks so much for your help in solving this problem!

 

Best,

Tony

 

 

 

 

[gw1500se]

https://www.php.net/manual/en/book.ssh2.php

[gizmola]

Hi Tony,

Is this a symfony app?  Are you getting incorrect ownership due to running command line as an OS user?  My first suggestion is to stop doing that, as it's guaranteed to mess up your ownership in this type of scenario.

I'm not seeing why you need ssh whatsoever.  A bash or php script would do the job.

Look at the various exec and related commands.

I would have to question why you don't simply cron your bash script and run it every 5 minutes.    Much simpler and less invasive.  Write the script, put it in /usr/local/sbin or /usr/local/bin.  sudo su - {appropriate user to run script}.  crontab -e.  Add an entry to run at the periodicity you desire.  I don't know that you want to blindly delete the app/cache dir contents every 5 minutes if you don't have to.  Bash is a relatively full programming language where you can do standard if-then-else logic.

With that said, you can also write a command line php script and invoke it in a cron exactly as you would a bash script.  Or you can call the php command line scripts from bash.

None of these ideas require ssh, and I don't really see what you need to run this remotely for if you have it running under cron automatically for you.  

If you are convinced you need remote execution,  you could exec a script from a php page, but of course that will run as the OS user, and if you need sudo to correct some problems, you certainly wouldn't expect the apache user to have either a shell or su or sudo.  

A sysadmin/Devops person would turn to Anisible or Puppet for on demand controlled execution and administration of a cluster of servers, vpc's or what have you, but Ansible could work for you as well.  Of course it might not be possible for you to install these tools in a shared hosting situation.  

[TonyK]

Hi Gizmola,

Thank you for the in-depth answer. Yes, Mautic is a Symfony app and yes, it seems to be an ownership problem. I installed Mautic using Softaculous - at first it ran OK and after some configuration work that is part of the app it stopped and produced an error page and in checking the error log the recorded error messages were all like the following one:

 

[2020-03-22 14:30:05] mautic.WARNING: PHP Warning - require(/home/bestback/public_html/mautic/app/cache/prod/doctrine/orm/Proxies/__CG__MauticCategoryBundleEntityCategory.php): failed to open stream: No such file or directory - in file /home/bestback/public_html/mautic/vendor/doctrine/common/lib/Doctrine/Common/Proxy/AbstractProxyFactory.php - at line 209 {"className":"Mautic\\CategoryBundle\\Entity\\Category","classMetadata":"[object] (Doctrine\\ORM\\Mapping\\ClassMetadata: Doctrine\\ORM\\Mapping\\ClassMetadataInfo@000000002f452922000000005b9391a3)","proxyClassName":"Proxies\\__CG__\\Mautic\\CategoryBundle\\Entity\\Category","fileName":"/home/bestback/public_html/mautic/app/cache/prod/doctrine/orm/Proxies/__CG__MauticCategoryBundleEntityCategory.php"} []

 

I am working on that problem since and all I found were the CLI commands that should correct the problem.

Several posts indicated that this error message indicates a ownership problem. The app Mautic is trying to access files as a different user than the OS user.

Perhaps, you have an idea which commands to use in order to correct that problem: So that OS user = Mautic user = Directory/Files owner

If that is the solution I would not need all the other code and I could make use of your other advice

 

Again, thank you so much for your help!

Stay well!

Best,

Tony

 

 

[gizmola]

With older symfony apps there is the concept of environments.  Symfony used to come with a seperate controller for 3 environments (prod [production], dev [development] and test [unit tests]).  So I would expect that you are configured as production, which means that your app is running the app_prod.php front controller.  This will be setup to operate in the same way that apache will often be configured to run by default an index.php file if you access a webspace path directly as in http://www.somesite.test/.  With Mautic, things have been configured to run the app_dev.php frontcontroller for every application request.

The other thing you have to understand is that symfony generates lots of code, which is what actually gets run.  This involves twig templates, doctrine models, routes and lots more stuff.    Symfony comes with a console app that has various command that let you generate this code, however, it may be that the apache user doesn't have effective read perms on the files the OS user generated.  

So my simple fix would be to do this:

-have script delete the entire app/cache/*  contents recursively, which your bash command list does.   Prior to doing this you might want to explore the contents of that dir.  You will have a directory for any environments that ran, which I would expect ideally would only be a prod directory.  As you can see in the logs you showed, the runtime is trying to access some doctrine orm model proxies that couldn't be opened.  

Assuming this is the issue, once you delete the directory, open the Mautic app.  This will cause all the code generation to kick in and all these files and directories will be owned by the effective web user.  That user does need the ability to read/write/execute in the app/cache directory.  It might take a few seconds for all the code generation to occur as you are essentially "warming the cache" manually, but once the files are generated they won't be generated again and everything should run at full speed.

You could also add your own web function that would clear the cache from the web app, but if the web app is in a situation where it doesn't actually own the directory and/or files in question, there is no way for that user to fix anything once it's broken, and only the account that owns the files will be able to delete/chmod/chown them (or via root or sudo).

Assuming you deleted the app/cache/prod user, and ran the Mautuc app, you shouldn't encounter any problems.  Not knowing what came with Mautic, it could be that there are scripts being run on some schedule that undo the issue you will be fixing, but removing the app/cache/prod directory should fix the problem.

[TonyK]

That makes sense - I will do as you say.

Thank you so much!

Best,

Tony