Comments (6)
I'm glad to see this issue raised. I was trying out CLI (awesome tool btw) on a staging server and was a bit surprised by sudo (+ the lack of information relating to what it was doing).
In addition to the considerations you mentioned, would it also be possible to document the likely commands that require elevated privileges elsewhere (like developer docs)?
Typically, I'd run ghost-cli with a user that has no sudo access. If sudo is required for basic cli functions it would be nice to at least lock it to a set of available commands (ex. sudo mv someFilename /lib/systemd/system) even if the docs aren't exact and require some reasoning by the admin.
from ghost-cli.
Yup, actually we did figure out a solution to work around the need for sudo in the ghost user. The only thing it would need it for is auto/1-click-updates, which (at the moment), won't happen until sometime after ghost 1.0. However, one of the things that goes in the systemd configuration is an auto-restart directive, which means that on auto or 1-click updates, Ghost can just kill itself once all of the new stuff has been downloaded, and rely on systemd to restart the process, which will then pick up the new updates.
from ghost-cli.
@acburdine if you list all the sudo commands that ghost user needs to use I will create a sudo profile fit for that purpose.
from ghost-cli.
I have tested the sudo requirements for a little bit and it appears that the following sudoers commands will be sufficient for the ghost user (this is on CentOS 7):

```
ghost ALL=(root) NOPASSWD: /bin/systemctl start ghost*, \
    /bin/systemctl stop ghost*, \
    /bin/mv ghost_*.service /lib/systemd/system, \
    /bin/rm /lib/systemd/system/ghost*
```

Please bear in mind that the above sudoers setup is not considered safe due to wildcards.
I see two solutions to have safe permissions for ghost-cli - one is to take the above sudoers and add all the exceptions for wildcards (e.g. `!/bin/systemctl stop ghost* *`), which is a bit messy. The second is to have a script owned by root that will be used by the ghost user via sudo. This way a single line would be enough in the `/etc/sudoers` file. An example file could be `/usr/local/bin/ghost/ghost_cli.sh`, which would be used by Ghost-CLI with sudo.
So for example you would type `ghost start` and ghost-cli would do `sudo /usr/local/bin/ghost/ghost_cli.sh start`.
I'm not sure if that's the most elegant solution but that's certainly a possibility.
from ghost-cli.
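The root-owned wrapper proposed in the comment above, sketched as an added example (not code from the thread or from Ghost-CLI). The action names, the second unit-name argument, the `ghost_<name>.service` naming rule and the sudoers line in the header are assumptions made for illustration.

```shell
#!/bin/sh
# Sketch of /usr/local/bin/ghost/ghost_cli.sh (path from the comment above).
# Install root-owned and not writable by the ghost user, e.g. root:root 0755.
# Assumed single sudoers line (no wildcards; arguments are checked here):
#   ghost ALL=(root) NOPASSWD: /usr/local/bin/ghost/ghost_cli.sh
# The mv of a unit file into /lib/systemd/system is left out on purpose:
# a unit written by the ghost user would be executed by systemd as root.

SYSTEMCTL=/bin/systemctl
UNIT_DIR=/lib/systemd/system

# Only start/stop/remove, mirroring the systemctl and rm entries above.
valid_action() {
    case "$1" in
        start|stop|remove) return 0 ;;
        *) return 1 ;;
    esac
}

# Unit must be exactly ghost_<name>.service with <name> in [A-Za-z0-9-].
# This rejects spaces, extra options, '/', '..' and glob characters,
# which a sudoers "ghost*" wildcard would have let through.
valid_unit() {
    case "$1" in
        ghost_*.service) ;;
        *) return 1 ;;
    esac
    name=${1#ghost_}
    name=${name%.service}
    case "$name" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    return 0
}

# Returns 2 on any rejected request, before a privileged command runs.
main() {
    [ "$#" -eq 2 ] || return 2
    valid_action "$1" || return 2
    valid_unit "$2" || return 2
    case "$1" in
        start|stop) "$SYSTEMCTL" "$1" "$2" ;;
        remove)     /bin/rm -f -- "$UNIT_DIR/$2" ;;
    esac
}

# Dispatch only when called with arguments (i.e. via sudo by ghost-cli).
if [ "$#" -gt 0 ]; then main "$@"; exit $?; fi
```

With this in place ghost-cli would call, for example, `sudo /usr/local/bin/ghost/ghost_cli.sh start ghost_blog.service`, and the sudoers file needs no wildcard or negated entries.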
@PaszaVonPomiot thanks for that list! One of the things that we've planned to do before releasing Ghost-CLI 1.0 is the creation of a user account specifically for Ghost itself during setup (similar to what MySQL does). The idea is that you'll run ghost-cli commands as root/a full sudo user, and the Ghost process itself will be run as a specific (non-sudo, possibly rooted) user.
from ghost-cli.
@acburdine yes I've seen the plan for ghost-cli 1.0. I fully agree with ghost-cli creating a system user and database user with permissions fit for purpose. The system user account would need to perform the `systemctl start/stop ghost_*.service` command. Can we achieve that without sudo?
from ghost-cli.