How to make GPG keys accessible for PHP shell_exec

Question

I am working on a script that needs to run a perl script via command line (using shell_exec()). To set up the script I needed to generate a GPG key on my end, and import their public key into my GPG keyring.

The perl script works fine when I run it as the ROOT user, but when running through PHP it throws this error message:

"An error occured when attempting to sign the request"

I assume this means that the GPG keys I have set up in my root user are not accessible to the user PHP is running its shell commands under (i.e. apache).

How should I go about solving this?

I don't know if I need to login as apache and import the keys, or if there is a command to run as root to allow them to be shared to the apache user... Any ideas would be great :)

Answer 1

Correct. Obviously, you don't want some mere mortal user like "apache" being able to sign things as root!

So you'll want to configure GPG for the apache user. This is usually painful, since the apache user typically can't get a shell.

I'd try setting up /home/<apache-user> directory, if it doesn't exist (probably doesn't). Then try setting up GPG for the apache user. You can probably get it to work as root by passing --home-dir=/home/<apache-user> to the gpg binary.