Set owner/user of package when using composer from root - composer-php

I have composer installed globally on my server.
I have several different domains/accounts on this server.
As root I can ssh onto the server and can use composer to update packages.
However, every package then has the owner and user of root:root.
When I log in as the account owner I then have insufficient rights to access any of the packages if I need to alter something inside the package.
Is there any way to run composer update and set the user/owner to the account holder other than setting up ssh on a per-account level?
Many thanks.

I'd say that if you need to be root to deploy software, then you are doing something wrong.
Composer is no deployment tool, it's a dependency manager. And that's what it does: It will download the required software packages and unzip them to the file system - as the user account that is running the install command.
If you want to change that, you have several options, amongst them things like:
su
sudo
set group id flag on the directory (chmod g+s)
collect the files outside the server and put them into place via SCP/SFTP/FTPS as the correct user
not change the dependencies' code as that user, only configuration files
... etc.
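
An added example (not part of the original answer) of the sudo option listed above: a POSIX shell wrapper that runs Composer as whichever account owns the project directory, so nothing under vendor/ is created as root:root. The function names and the COMPOSER_BIN and DRY_RUN variables are assumptions of this example.

```sh
#!/bin/sh
# Added example: run Composer as the account that owns the project tree.
# COMPOSER_BIN, DRY_RUN and the function names are assumptions of this example.
COMPOSER_BIN="${COMPOSER_BIN:-composer}"

# User name owning a path (GNU stat first, BSD/macOS stat as fallback).
owner_of() {
    stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"
}

# Files under <dir> whose owner differs from the owner of <dir> itself,
# e.g. packages left behind as root:root by an earlier run as root.
foreign_files() {
    uid=$(stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1") || return 1
    find "$1" ! -user "$uid" -print
}

# composer_as_owner <project_dir> [caller]
composer_as_owner() {
    dir=$1
    caller=${2:-$(id -un)}
    [ -f "$dir/composer.json" ] || { echo "no composer.json in $dir" >&2; return 1; }
    owner=$(owner_of "$dir") || return 1
    if [ "$owner" = root ]; then
        echo "refusing: $dir is owned by root, chown it to the account first" >&2
        return 1
    elif [ "$caller" = "$owner" ]; then
        # Already the account holder: no privilege change needed.
        set -- "$COMPOSER_BIN" install --working-dir="$dir" --no-interaction
    elif [ "$caller" = root ]; then
        # -u drops to the owner; -H points HOME (and Composer's cache) at that account.
        set -- sudo -H -u "$owner" "$COMPOSER_BIN" install --working-dir="$dir" --no-interaction
    else
        echo "refusing: $caller does not own $dir (owner: $owner)" >&2
        return 1
    fi
    # DRY_RUN prints the command instead of executing it.
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}
```

Run `foreign_files` on a project first to find packages an earlier root run left behind; those still need a one-time chown to the account holder.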

Related

What are the risks of Composer running as root ?

I don't understand the difference between composer running as root vs non-root user. Whatever user you run as, you must have to give write access to the main dir where composer stores its assets like vendor, scripts, composer.json and composer.lock.
E.g in my case, my dir structures are like below:-
.test
|-scripts
|-composer.json
|-scripts
|-webroot
|-.env
Say I am running as a non-root user, but I must give that user rwx on the test dir so that whenever I run composer install it can create vendor, composer.lock and read scripts and execute them inside the test dir.
But once you give rwx it can create any malicious script inside it or may access my env file. So how does it matter if you run as root or non-root?
After spending some more time, I got to know that as composer is a cli script it uses the PHP-CLI, not the PHP-FPM, interpreter. PHP-CLI & PHP-FPM are different things. The web server talks to PHP-FPM, not to PHP-CLI. So whenever we call composer, the composer process is owned by the PHP-CLI owner.
So webroot should be owned by the PHP-FPM owner to make a website work, whereas composer.json, vendors etc. should be owned by the PHP-CLI owner. Both users should be different. In fact the test dir should be writable by the PHP-CLI owner and not writable by the PHP-FPM process owner. Often PHP-FPM is run as owner www-data.

Using Laravel Artisan and file permissions

I'm new to Laravel and I find this framework awesome.
Artisan is also great but I have a little problem using it.
Let's say that I create a new Controller with Artisan like this
php artisan make:controller Test
There will be a new file in app/Http/Controllers named Test and the permission on this file will be root:root
When I want to edit this file with my editor over ftp I can't because I'm not logged as root.
Is there any way to tell Artisan to create files with the www-data group, for example (without doing a chown command)?
Since you have root shell access, the following command will execute another one using the www-data user:
sudo -u www-data php artisan make:controller Test
Replace www-data with whatever the username your web server operates under, or the username you login to the FTP service with.
When you do this, the controller will be owned by www-data, which is what you want.
Note: do not ever run commands copy-pasted from the internet without knowing exactly what they do, especially in a root shell.
In this case, the -u parameter tells sudo to execute the command as a specific user, not as the root user.
From the manpage:
-u user, --user=user
Run the command as a user other than the default target user (usually root). The user may be
either a user name or a numeric user ID (UID) prefixed with the ‘#’ character (e.g. #0 for UID
0). When running commands as a UID, many shells require that the ‘#’ be escaped with a backslash
(‘\’). Some security policies may restrict UIDs to those listed in the password database. The
sudoers policy allows UIDs that are not in the password database as long as the targetpw option
is not set. Other security policies may not support this.
I know this is a really old post but I'd also really advise anyone against editing your Laravel files over FTP. I used to do this in my pre-Laravel days and it NEVER ended well.
Editing over FTP can have all kinds of problems, dropping connection mid-edit being the least of them. Security and live development errors being a much larger concern.
Develop on your local or dev environment, commit/push to git, then either pipeline to your server or handle your FTP uploads and cleanup after the fact. Pipelines are your best bet if your host will allow them. We use Atlassian BitBucket for ours but the set-up and deployment should be relatively similar for most hosts. Check with your host for documentation on their pipeline set-up:
https://www.atlassian.com/continuous-delivery/tutorials/bitbucket-pipelines
There's also some tutorials online for pipelining straight to FTP (if on a shared host, say):
https://www.savjee.be/2016/06/Deploying-website-to-ftp-or-amazon-s3-with-BitBucket-Pipelines/
It is because you ran a command as the root user; try to run the command as the user which you are using to edit the project via ftp.

How can stop Homebrew installing Postgres as root?

I have a Postgres permissions problem: every time I brew install postgres it does so as root user, resulting in permissions denial on initdb, createdb and/or anything else I try.
I sudo chown the ownership of /usr/local/var/postgres and it seems to change and allow me manual entry into the directory from cmd line, which then only consists of a server.log file listing the error:
postgres cannot access the server configuration file "/usr/local/var/postgres/postgresql.conf": No such file or directory
I then go to initdb and it returns:
The files belonging to this database system will be owned by user "jamesbkemp".
This user must also own the server process.
The database cluster will be initialized with locale "en_GB.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: directory "/usr/local/var/postgres" exists but is not empty
If you want to create a new database system, either remove or empty
the directory "/usr/local/var/postgres" or run initdb
with an argument other than "/usr/local/var/postgres"
I then go back to look at /usr/local/var/postgres and the owner has changed back to root. I really am at a loss after many hours on this as to what's going on. Any ideas folks?
Postgresql install as non root is a pain if not impossible, because it was not designed this way: it is a multi-user service.
The same thing here: apache2 as non-root - you would have to build the server yourself changing the configuration a lot.
Let me add that for an experienced datacenter operator this is a strange idea, like driving a race car in your apartment.

How to deploy a Laravel 5 using composer and FTP

I built a project using Laravel 5 on my dev machine and now I'd like to deploy it.
One solution that came to my mind is to upload everything using FTP but I guess there is a better way.
I uploaded the composer.json but I receive tons of errors.
I have ssh/root access but using GIT is not an option.
Make sure you can use composer binary on your server and you are set
upload every file except vendor folder (you may use some FTPS manager that reads git-ignore file and does not upload ignored files)
set permissions to ./storage folder (browse thru this serverfault thread)
make sure your web server root is ./public
create env file (that is not going to be changed ever, until you want) and do not overwrite it with "local" env file.
$ composer install (installs everything from composer.lock)
$ composer update (updates from repositories again, do test on local before updating on production)

Joomla Component Install Issue: Can't install any components, fresh install of latest Joomla

When I try to install any component, specifically my mtwMigrator component, I receive the following error:
* Warning! Failed to move file.
This is on a fresh install, with FTP Layer turned off, with default content installed, Joomla 1.5.14, latest PHP and MySQL versions, Legacy mode turned on.
A very common cause of this error is due to file permissions. Joomla must be able to copy the files from your component into the components and administrator/components directories. If the system user the webserver runs as does not have write permissions to these folders, it will not be able to copy the files over.
The FTP layer is there to get around this issue. With the FTP layer on, you upload the component to the server first, then it is FTP'ed from the temporary directory to localhost. For this to work, the FTP user you specify must have permission to write to the components and administrator/components folders.
I had a similar problem when moving between machines (I know you said it was a fresh install - but someone might find this helpful). Ensure the $tmp_path entry in joomla\configuration.php is pointing to a valid directory. Mine wasn't.
In your Joomla backend, on the top menu, go to Help >> System Info >> Directory Permission and ensure that they are writable, otherwise you don't want to have to change the folders to 777 and back again each time you install an extension.
In addition to this, you can mass chmod folders and files using Akeeba Admin Tools.
You might also want to update to the latest Joomla 1.5 version (1.5.26)
The most ideal permission for Joomla directories is 755. There are cases when mod_suphp is not installed that the permission problem would occur.
Make sure that mod_suphp is installed and loaded by checking your php info e.g. and running this on your browser. If mod_suphp is not installed, then you will need help from your hosting provider to install this for you.
Normally, all directories should have 755 (rwxr-xr-x) and all files 644 (rw-r--r--). If you want to set most directories to non-writable, you will need at least the directories listed in Help > System info > Directory Permissions. (Here you can also check which directories need to be changed, as non-writable directories are shown in red.)
In some shared hosting environments, 755 / 644 isn't enough, as the owner of the file is not the (Web)Server User, but the FTP-User ... so either change it to 777 / 666 (not recommended, as you allow others to write your files), or get your FTP layer to work.
Another try: Joomla! does not work yet with the recent PHP 5.3. Can you use PHP 5.2? (Similar Problem in the Joomla Forum)
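
An added example (not from any of the answers above) showing why 755 / 644 can still produce "Failed to move file" when the directory owner is the FTP user rather than the web server user, and how to spot 777 / 666 entries afterwards. The function names are assumptions of this example, and only the primary group is considered, not supplementary groups.

```sh
#!/bin/sh
# Added example: which permission class applies to a given uid:gid on a path,
# and whether that class has the write bit. Function names are assumptions.

# write_class <path> <uid> <gid>  ->  prints e.g. "owner:yes" or "other:no"
# Classes are exclusive: the owner is judged by the owner bits only.
# uid 0 bypasses these checks in the kernel and is not modelled here.
write_class() {
    path=$1 uid=$2 gid=$3
    # Numeric owner, group and octal mode (GNU stat, BSD/macOS fallback).
    info=$(stat -c '%u %g %a' "$path" 2>/dev/null ||
           stat -f '%u %g %Lp' "$path") || return 1
    set -- $info
    mode=$(( 0$3 ))                      # leading 0 makes the mode octal
    if   [ "$uid" -eq "$1" ]; then class=owner bit=$(( mode & 0200 ))
    elif [ "$gid" -eq "$2" ]; then class=group bit=$(( mode & 0020 ))
    else                           class=other bit=$(( mode & 0002 ))
    fi
    if [ "$bit" -ne 0 ]; then echo "$class:yes"; else echo "$class:no"; fi
}

# List files and directories that group or others may write to,
# i.e. anything looser than the 755 / 644 baseline (777, 775, 666, ...).
list_loose() {
    find "$1" \( -type d -o -type f \) \( -perm -0020 -o -perm -0002 \) -print
}
```

With a directory owned by the FTP account at 755, `write_class` reports `other:no` for the web server's uid, which is the case the FTP layer exists to work around; `list_loose` finds directories that were switched to 777 for an install and never switched back.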
