I'm trying to set up this EC2 instance to listen for a webhook from GitHub and then run a git pull. The web runs this under the user 'apache'.

I was following: http://jondavidjohn.com/blog/2012/10/git-pull-from-a-php-script-not-so-simple

When I got to the last part where you start running:

sudo -u www git pull

My server asks me for the password to "ec2-user". As far as I know you don't get that; you just get a key, and for the life of me I can't figure out how to run git pull.

From my apache error_log:

Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

To my knowledge I need to add an SSH key but I can't because I don't know the password to ec2-user to run that command for the user 'apache'.

Me trying anything and everything:

<?php
// POST http://example.com/pull.php
putenv("HOME=/var/www/worker");

echo shell_exec("
#!/bin/sh
cd /var/www/html/worker/ || exit
unset GIT_DIR
git pull 2>&1
");

Anyone else run into this?

UPDATE

When I run sudo bash I am then running stuff as

[root@ip-10-233-33-33]#

When I run cat /etc/passwd I can confirm the account that I need to work with is named apache.

When I run su apache I get:

This account is currently not available.

  • You mention you just get a key. Have you done something to set up an SSH agent or adjust the SSH config so that the web user can find the key? Have you verified that the user PHP is running as has the permissions to read the key? Also, the 'host key verification' is about verifying that the server is who it says it is. Have you checked to make sure you don't have junk in your known_hosts? – Zoredache Aug 14 '13 at 06:13
  • @Zoredache I am running ssh-agent as my user on the EC2 instance. When I try to create a key for that user 'apache' (that's the name from what I've read and www-data doesn't exist) my terminal asks me for the ec2-user password, which you never receive. I've read that what's happening is that the server is trying to ask me to add it to my known_hosts or something. I can run git pull when I do "php pull.php", which runs just fine, and I get that "Everything's up to date" message. – Michael J. Calkins Aug 14 '13 at 06:54
  • Isn't the user www (not apache)? I think the author means 'the apache user, named www in ubuntu'. – Drew Khoury Aug 15 '13 at 06:17
  • @DrewKhoury When I ran passwd or whatever the "List all users on this system" command is I had a user named "apache", not "www" or "www-data". Maybe it's because I'm on Red Hat or that's the way AWS sets up their AMIs. – Michael J. Calkins Aug 15 '13 at 19:47
  • Are you replacing www with apache in your commands? – Drew Khoury Aug 16 '13 at 01:21
  • How'd you end up going with this? – Drew Khoury Aug 26 '13 at 14:16

1 Answer

Did you follow the whole article? In particular:

An easier way I discovered was to give the apache user a home directory (via /etc/passwd) and a .ssh directory and then run the ssh-keygen command as the apache user (www)

$> sudo -u www ssh-keygen -t rsa

This creates the keys and puts them in their expected location with the proper permissions applied.

Then I added the key as a read-only key for the BitBucket repository and everything worked as expected.

Drew Khoury
  • When I run "sudo -u www ssh-keygen -t rsa" the -u arg asks me for ec2-user's password, which you don't get when you create an EC2 instance; you just get a pem-key file to ssh into it. Otherwise I'm sure I was on the right track until I hit that breaking point. – Michael J. Calkins Aug 15 '13 at 19:49
  • It looks to me like it's asking for the www user password. "The -u (user) option causes sudo to run the specified command as a user other than root." – Drew Khoury Aug 16 '13 at 01:20
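
A preflight check for the setup the answer describes, as an added example that is not part of the original thread or the linked article: it inspects the web user's passwd entry, private key and known_hosts, the pieces behind "This account is currently not available" and "Host key verification failed". The function name check_git_ssh_user, the key path ~/.ssh/id_rsa (the default for ssh-keygen -t rsa) and plain-text known_hosts entries are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for the account that will run `git pull` over SSH.
# usage (from a root shell): check_git_ssh_user apache github.com
# Optional third argument: passwd file to read (default /etc/passwd).
# Prints one line per finding; the return status is the number of blocking problems.
check_git_ssh_user() {   # hypothetical helper name
    user=$1; host=$2; passwd=${3:-/etc/passwd}; problems=0
    entry=$(grep "^${user}:" "$passwd") || { echo "FAIL no user '$user' in $passwd"; return 1; }
    # ssh takes the home directory from the passwd entry, not from $HOME,
    # so this is the directory that must hold .ssh/ for this user.
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    case $shell in
        */nologin|*/false)
            echo "NOTE shell is $shell: 'su $user' is refused, use 'sudo -u $user <cmd>' from root" ;;
    esac
    if [ ! -d "$home" ]; then
        echo "FAIL home directory $home does not exist"; problems=$((problems + 1))
    fi
    key=$home/.ssh/id_rsa            # default output path of 'ssh-keygen -t rsa'
    if [ ! -f "$key" ]; then
        echo "FAIL no private key at $key"; problems=$((problems + 1))
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        # ssh refuses to use a private key that group or others can access
        echo "FAIL $key is accessible by group/others (chmod 600)"; problems=$((problems + 1))
    fi
    # Matches plain-text known_hosts entries only; hashed entries need 'ssh-keygen -F'.
    if ! grep -q -E "^([^ ]*,)?${host}[, ]" "$home/.ssh/known_hosts" 2>/dev/null; then
        echo "FAIL $host not in $home/.ssh/known_hosts (gives 'Host key verification failed')"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK local SSH setup for $user looks complete for $host"
    return "$problems"
}
```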