Over the past several years, WP-CLI has become pretty popular, but there's still a lot of warnings about the --allow-root flag for security reasons, and instead developers are urged to use non-root users.

But, there's also a lot of cases, like setting up crontab jobs to repeat certain tasks, where --allow-root ensures that the tasks are run properly without interaction.

Which commands might be "safely" run using this flag, esp. in cron jobs?
asked Mar 28, 2024 at 15:30 by Jesse Nickles

- Related: wordpress.stackexchange.com/questions/354247/… – Jesse Nickles Commented Apr 5, 2024 at 9:34
- Related: wordpress.stackexchange.com/questions/376682/… – Jesse Nickles Commented Apr 5, 2024 at 9:34
- Related: wordpress.stackexchange.com/questions/236725/… – Jesse Nickles Commented Apr 5, 2024 at 9:35

1 Answer
No commands are safe when run as root. Even the help screens aren't safe as root.

The reason the --allow-root flag is considered dangerous is not because of what the CLI commands themselves do, but because your entire site's code is loaded when WP CLI runs, but now as root. This would mean any hidden malware would now have root on your server, and any code that makes a mistake has no guard rails to prevent it destroying the entire machine. For this reason all commands are just as dangerous.

Fundamentally, it should never be necessary to run WP CLI as a root user, and if you're logged in as root you can still run WP CLI as another non-root user to avoid the security issues via sudo, e.g. this is one way to do it:

    function noroot() {
        sudo -EH -u "your_web_user" "$@";
    }
    noroot wp post list # <- runs as your_web_user not root

This is one of many ways to run WP CLI as another user even when in a root shell. Using a shell session with a non-root user is still preferable though.
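
A cron-oriented variant of the sudo approach in the answer above, added here as an example and not part of the original post: the wrapper refuses `--allow-root`, works out which account owns the install, and drops to it before WP-CLI loads any site code. The function names (`wp_safe`, `wp_owner`, `wp_cmd_prefix`, `reject_allow_root`) and the paths in the crontab comment are hypothetical, and it assumes the owner of `wp-config.php` is the account the site should run as.

```shell
#!/bin/sh
# Added example (not from the original answer): cron-safe WP-CLI wrapper.
# Assumption: the account that owns wp-config.php is the one WP-CLI should run as.

# Print the owning user of the install at $1 (the owner of its wp-config.php).
wp_owner() {
    [ -f "$1/wp-config.php" ] || { echo "no wp-config.php in $1" >&2; return 1; }
    ls -ld -- "$1/wp-config.php" | awk '{print $3}'
}

# Decide how to launch wp. $1 = caller's uid, $2 = owner of the install.
# Prints the command prefix to use; fails if the site code would run as root.
wp_cmd_prefix() {
    case "$2" in
        ""|root|0) echo "refusing: install is owned by root" >&2; return 1 ;;
    esac
    if [ "$1" -eq 0 ]; then
        # Root caller (e.g. root's crontab): drop to the owner before PHP starts.
        # -E from the answer is left out so root's environment is not preserved.
        echo "sudo -H -u $2 --"
    fi
    return 0
}

# Fail if any argument is --allow-root.
reject_allow_root() {
    for arg in "$@"; do
        [ "$arg" != "--allow-root" ] || { echo "refusing --allow-root" >&2; return 1; }
    done
}

# wp_safe <wordpress-dir> <wp-cli args...>
wp_safe() {
    dir=$1; shift
    reject_allow_root "$@" || return 1
    owner=$(wp_owner "$dir") || return 1
    prefix=$(wp_cmd_prefix "$(id -u)" "$owner") || return 1
    # $prefix is intentionally unquoted so it splits into sudo and its options.
    $prefix wp --path="$dir" "$@"
}

# Example line for root's crontab (both paths are placeholders):
# 15 3 * * * . /usr/local/lib/wp_safe.sh && wp_safe /var/www/example cron event run --due-now
```

The same job can also be placed in the site owner's own crontab (`crontab -u <user> -e`), in which case no root process is involved at all.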