Do not run composer install as root super user


Problem description

I would like to make a .sh file to automatically deploy web pages from GitHub to production. I need to run composer install in it, but when I run it, it throws me a warning: Do not run composer install as root super user! As I found out, it is because of security reasons. But I also need to run other commands which need to, e.g., delete some files and directories.

The solution I found to fix this is:

composer install --no-scripts --no-interaction

The question is: Is it enough? Is --no-scripts the solution or not? What is the best practice?

Recommended answer

Best practice is not to use sudo for composer commands at all. If you need sudo for composer, it usually points at your project's file permissions not being set up correctly.

E.g. you should have a non-root user owning the projects directory, and you should run the needed commands as that user, without requiring sudo. If you need to run as root, it probably means that you did so in one of your previous runs, and already messed up your file permissions.

(Best practice is also not running install in production in any case, but at least you are not running update)

In the rarer cases where you need to run composer as a superuser, and you are not on a very constrained environment (say, building a Docker image), you should pay attention to the official guidance and not only use --no-scripts, but also the parameter --no-plugins, so you are only doing file copying and not executing other scripts.
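
A deploy-script sketch of the advice above, added here as an example and not part of the original answer: the script may run as root for its other steps, but Composer is run as the non-root owner of the project directory, and the root fallback adds --no-plugins and --no-scripts. The function names, the DEPLOY_DIR and ALLOW_ROOT variables, and the availability of sudo are assumptions.

```shell
#!/bin/sh
# Added example; function names, DEPLOY_DIR and ALLOW_ROOT are hypothetical.

# Print the user name that owns a directory.
dir_owner() {
    ls -ld -- "$1" | awk '{print $3}'
}

# Print the command line to use for "composer install".
#   $1 = effective uid of the deploy script
#   $2 = owner of the project directory
#   $3 = "yes" to accept running Composer as root (e.g. an image build)
# Returns 1 when the project tree is root-owned and root was not accepted:
# that usually means an earlier run already broke the file permissions.
composer_install_cmd() {
    euid=$1
    owner=$2
    allow_root=${3:-no}
    base="composer install --no-interaction"
    if [ "$euid" -eq 0 ] && [ "$allow_root" = "yes" ]; then
        # Root fallback: no plugins, no scripts, so only files are copied.
        echo "$base --no-plugins --no-scripts"
    elif [ "$owner" = "root" ]; then
        echo "project directory is owned by root; chown it to a deploy user" >&2
        return 1
    elif [ "$euid" -eq 0 ]; then
        # Drop privileges for Composer only; other steps can stay root.
        echo "sudo -u $owner -- $base"
    else
        echo "$base"
    fi
}

deploy() {
    project_dir=$1
    cmd=$(composer_install_cmd "$(id -u)" "$(dir_owner "$project_dir")" \
        "${ALLOW_ROOT:-no}") || return 1
    # $cmd is split on whitespace on purpose; user names contain none.
    (cd "$project_dir" && $cmd)
}

# Only acts when DEPLOY_DIR is set, so sourcing the file has no side effects.
if [ -n "${DEPLOY_DIR:-}" ]; then
    deploy "$DEPLOY_DIR"
fi
```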
