Running WP-CLI as non-root user


#1

Hello,

I use EE to host multiple WP sites. I am trying to use wp-cli to keep them all updated automatically. I am running into a problem, however, which if I understand the EE conventions for permissions correctly (i.e., /var/www is owned by root:root; everything in www is owned by www-data:www-data) is as follows:

If I log in as root, I can run wp-cli successfully with the --allow-root flag on every command. However, doing plugin and theme updates this way changes the owner of directories and files in /plugins/ to root:root, which causes problems: some plugins fail altogether, and others work but fail to auto-update.

If I log in as a non root user, I cannot run wp-cli commands that require write permissions such as installing, updating, or removing plugins.

Can I solve this dilemma by (a) adding my non root user to the www-data group and (b) moving all of my websites from /var/www/ to a subfolder of my non root user’s home directory (e.g., /home/nonrootuser/websites/?

Or, do you recommend another solution that will allow me to run wp-cli as a non root user?

sincerely,
Larry


#2

Hi.
You can run wp-cli using www-data user, for that, using root you can directly switch to www-data account

  
su - www-data  

#3

Hi Gaurav,

Thank you for your helpful and prompt reply. I couldn’t get this solution to work, but I found an alternative solution to the permissions problem that occurs when running wp-cli as root. In case others are trying to get wp-cli to work on their EE stacks (or in case others can improve upon my solution), I’ll share it below.

When I tried su - www-data, I received this response: This account is currently not available.

Looking into the cause for this response, I found this explanation (i.e., nologin shell assigned to www-data user for security reasons).

Thinking that it is a good thing security-wise to avoid assigning an interactive shell to the www-data user, I looked for another way and discovered that I can run wp-cli as www-data if I use sudo -u www-data [wp-cli command].

Additionally, thanks to this tip I discovered that I can run multiple commands in a bash script like so:

sudo -u www-data -s -- <<EOF  
echo 'Updating example.com...'  
wp --path=/var/www/example.com/htdocs core update  
wp --path=/var/www/example.com/htdocs plugin update --all  
wp --path=/var/www/example.com/htdocs theme update --all  
echo  
EOF

Further, placing such a script in /etc/cron.daily keeps my WP sites updated automatically. Boom.


#4

Hi,
Thanks for nice solution.
We also did the same by activating www-data user. You can activate the account by using part of this article:

  
https://github.com/rtCamp/easyengine/wiki/Sftp-Setup#setup-login-shell--  

#5