wordpress 通过 cron 自动更新无需 root 权限?

wordpress 通过 cron 自动更新无需 root 权限?

该脚本由 update.sh 运行,后者由 cron 每天 2 点运行,它允许 wordpress 通过 cli 自动更新(需要提前安装)实际上在以 root 身份运行时运行良好

但通过 cron 运行时失败

出现错误

=== updating /var/www/html/domain.com ===
currently installed:
This account is currently not available <- which means, despite allowing www-data to temporarily log in, it can not.

..... if updates available, updating:
...core
This account is currently not available.
...themes
This account is currently not available.
...plugins
This account is currently not available.

这意味着:尽管允许 www-data 像这样临时登录:

usermod -s /bin/bash www-data

当作为 cron 作业运行时,它不能。

为什么?

vim /root/scripts/wordpress_update.sh

#!/bin/bash
# what to backup
WEBROOT=/var/www/html

# temporarily allow non-root apache2 user to login
usermod -s /bin/bash www-data

echo "===== wordpress automatic update single wordpress in web root ===="
INSTALLATION=$WEBROOT
echo "currently installed:";
su www-data -c "wp core version --path=$INSTALLATION";
echo "..... if updates available, updating:"
echo "...core"; su www-data -c "wp core update --path=$INSTALLATION";
echo "...themes"; su www-data -c "wp theme update --all --path=$INSTALLATION";
echo "...plugins"; su www-data -c "wp plugin update --all --path=$INSTALLATION";
# echo "===== wordperss automatic update multiple wordpress in web root ====="
# for FULLPATH in $WEBROOT/*; do
#     if [ -d "$FULLPATH" ]; then
#         BASENAME=$(basename $FULLPATH);
# 
#   INSTALLATION=$FULLPATH;
#   # might need modification like this:
#   # INSTALLATION=$FULLPATH/public_html;
# 
#         echo "=== updating $INSTALLATION ==="
#         echo "currently installed:"; su www-data -c "wp core version --path=$INSTALLATION";
#         echo "..... if updates available, updating:"
#         echo "...core"; su www-data -c "wp core update --path=$INSTALLATION";
#         echo "...themes"; su www-data -c "wp theme update --all --path=$INSTALLATION";
#         echo "...plugins"; su www-data -c "wp plugin update --all --path=$INSTALLATION";
#     fi
# done

# disable login again for non-root apache2 default user
usermod -s /sbin/nologin www-data

echo "=== disable xmlrpc.php because a lot of pwd brute force attacks focus on this file ==="
echo "... also via the readme.html the installed version of wordpress can be identified"
echo "... the following files were found and renamed to .disabled"
find $WEBROOT -type f -name 'xmlrpc.php';
find $WEBROOT -type f -name 'xmlrpc.php' -print0 | xargs --null -I{} mv {} {}.disabled;

find $WEBROOT -type f -name 'liesmich.html';
find $WEBROOT -type f -name 'liesmich.html' -print0 | xargs --null -I{} mv {} {}.disabled;

find $WEBROOT -type f -name 'readme.html';
find $WEBROOT -type f -name 'readme.html' -print0 | xargs --null -I{} mv {} {}.disabled;

find $WEBROOT -type f -name 'license.txt';
find $WEBROOT -type f -name 'license.txt' -print0 | xargs --null -I{} mv {} {}.disabled;

https://dwaves.de/2022/07/09/gnu-linux-vm-dedicated-server-webserver-how-to-automate-bash-terminal-automate-wordpress-updates-core-plugins-themes-and-enhance-security/

答案1

我认为问题与你使用“su”有关

我认为一个合适的解决方案是使用“sudo”而不是“su”。我使用了类似于以下调用的方法 -

sudo -u www-data /path/to/wp "add wp parameters here" 

这可能还会否定脚本顶部可疑的“usermod -s /bin/bash www-data”行。(在我的调用中,我甚至没有有效的用户 - 我只是使用 UID)

相关内容