-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make it possible to run occ as root #33545
base: master
Are you sure you want to change the base?
Conversation
if (posix_getuid() == 0){ | ||
$command = implode (' ', $argv); | ||
echo(shell_exec('sudo -u www-data '.$command)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (posix_getuid() == 0){ | |
$command = implode (' ', $argv); | |
echo(shell_exec('sudo -u www-data '.$command)); | |
if (posix_getuid() === 0) { | |
$command = implode (' ', $argv); | |
echo shell_exec('sudo -u www-data ' . $command); |
return code is being killed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (posix_getuid() == 0){ | ||
$command = implode (' ', $argv); | ||
echo(shell_exec('sudo -u www-data '.$command)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// make it possible to run as root | ||
if (posix_getuid() == 0){ | ||
$command = implode (' ', $argv); | ||
echo(shell_exec('sudo -u www-data '.$command)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
www-data
might not be the default user name for the HTTP server though, mostly only Debian-based systems use that. RedHat-based systems or ArchLinux use an user named http
by default.
Also, does this forwards environment variables?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what we do in other places is read the user name from the config file, basically the owner of "config/config.php" and use that to check if the correct user is being used
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes sense unless config_is_read_only
is used, then the config file owner could be something irrelevant such as root
, as long as the http server user has read access.
@karlitschek I believe we can close this PR since it was originally planned/needed as a pre-requisite for Nc Guard, right? |
make it possible to run as root Signed-off-by: Frank Karlitschek <karlitschek@users.noreply.github.com>
5ec47c7
to
ab8c6f1
Compare
make it possible to run as root
Signed-off-by: Frank Karlitschek karlitschek@users.noreply.github.com