该脚本由 update.sh 运行,后者由 cron 每天 2 点运行,它允许 wordpress 通过 cli 自动更新(需要提前安装)实际上在以 root 身份运行时运行良好
但通过 cron 运行时失败
出现错误
=== updating /var/www/html/domain.com ===
currently installed:
This account is currently not available <- which means, despite allowing www-data to temporarily log in, it can not.
..... if updates available, updating:
...core
This account is currently not available.
...themes
This account is currently not available.
...plugins
This account is currently not available.
这意味着:尽管允许 www-data 像这样临时登录:
usermod -s /bin/bash www-data
当作为 cron 作业运行时,它不能。
为什么?
vim /root/scripts/wordpress_update.sh
#!/bin/bash
# what to backup
WEBROOT=/var/www/html
# temporarily allow non-root apache2 user to login
usermod -s /bin/bash www-data
echo "===== wordpress automatic update single wordpress in web root ===="
INSTALLATION=$WEBROOT
echo "currently installed:";
su www-data -c "wp core version --path=$INSTALLATION";
echo "..... if updates available, updating:"
echo "...core"; su www-data -c "wp core update --path=$INSTALLATION";
echo "...themes"; su www-data -c "wp theme update --all --path=$INSTALLATION";
echo "...plugins"; su www-data -c "wp plugin update --all --path=$INSTALLATION";
# echo "===== wordperss automatic update multiple wordpress in web root ====="
# for FULLPATH in $WEBROOT/*; do
# if [ -d "$FULLPATH" ]; then
# BASENAME=$(basename $FULLPATH);
#
# INSTALLATION=$FULLPATH;
# # might need modification like this:
# # INSTALLATION=$FULLPATH/public_html;
#
# echo "=== updating $INSTALLATION ==="
# echo "currently installed:"; su www-data -c "wp core version --path=$INSTALLATION";
# echo "..... if updates available, updating:"
# echo "...core"; su www-data -c "wp core update --path=$INSTALLATION";
# echo "...themes"; su www-data -c "wp theme update --all --path=$INSTALLATION";
# echo "...plugins"; su www-data -c "wp plugin update --all --path=$INSTALLATION";
# fi
# done
# disable login again for non-root apache2 default user
usermod -s /sbin/nologin www-data
echo "=== disable xmlrpc.php because a lot of pwd brute force attacks focus on this file ==="
echo "... also via the readme.html the installed version of wordpress can be identified"
echo "... the following files were found and renamed to .disabled"
find $WEBROOT -type f -name 'xmlrpc.php';
find $WEBROOT -type f -name 'xmlrpc.php' -print0 | xargs --null -I{} mv {} {}.disabled;
find $WEBROOT -type f -name 'liesmich.html';
find $WEBROOT -type f -name 'liesmich.html' -print0 | xargs --null -I{} mv {} {}.disabled;
find $WEBROOT -type f -name 'readme.html';
find $WEBROOT -type f -name 'readme.html' -print0 | xargs --null -I{} mv {} {}.disabled;
find $WEBROOT -type f -name 'license.txt';
find $WEBROOT -type f -name 'license.txt' -print0 | xargs --null -I{} mv {} {}.disabled;
答案1
我认为问题与你使用“su”有关
我认为一个合适的解决方案是使用“sudo”而不是“su”。我使用了类似于以下调用的方法 -
sudo -u www-data /path/to/wp "add wp parameters here"
这可能还会否定脚本顶部可疑的“usermod -s /bin/bash www-data”行。(在我的调用中,我甚至没有有效的用户 - 我只是使用 UID)