问题描述

我正在尝试从浏览器运行git pull的php脚本，但是我得到了"sh:连接到主机git.assembla.com端口22:权限被拒绝"

I'm trying to run git pull in a php script from a browser, but I got"sh: connect to host git.assembla.com port 22: Permission denied"

<?php
$output=array();
$returnVar=0;
chdir("/var/www/html");
exec('git pull [email protected]:andrewadel.git master 2>&1', $output , $returnVar);
// exec('pwd', $output , $returnVar);
echo "<pre>\n";
echo "return status: $returnVar\n\n";
print_r($output);
echo "</pre>\n";

当我以"apache"手动运行脚本时，一切都很好

when I manually run the script as "apache", everything is fine

bash-4.1$ whoami
apache
bash-4.1$ php gitsync.php
<pre>
return status: 0

Array
(
    [0] => From git.assembla.com:andrewadel
    [1] =>  * branch            master     -> FETCH_HEAD
    [2] => Already up-to-date.
)
</pre>

当我从浏览器中运行时，它会失败

When I run it from a browser, it fails

http://103.7.164.33/gitsync.php?111

return status: 1

Array
(
    [0] => ssh: connect to host git.assembla.com port 22: Permission denied
    [1] => fatal: The remote end hung up unexpectedly
)

谢谢

推荐答案

这里有很多变量...但是我正在使用的远程cgi脚本面临着几乎完全相同的行为.

A lot of variables here... but I faced pretty much exact same behavior with a remote cgi script I was working on.

就我而言，该问题与CentOS上的SELinux有关.

In my case the issue was related to SELinux on CentOS.

user@remoteserver:~$ getsebool -a | grep httpd

显示:

...
httpd_can_network_connect --> off
...

测试可能的修复程序(sudo或以root身份运行):

Test Possible Fix(sudo or run as root):

user@remoteserver:~$ setsebool httpd_can_network_connect=1
//...then initiate your serverside script remotely

永久修复(如果已证明有效):

Permanent Fix(if above has proven effective):

user@remoteserver:~$ setsebool -P httpd_can_network_connect=1

-P选项可确保在将来重新引导时将主题SELinux布尔值设置为默认值.看:man getsebool和man setsebool

-P option ensures subject SELinux boolean value is set to specified value as default on future reboots.See:man getsebool andman setsebool

这篇关于php运行git得到"ssh许可被拒绝"；的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！