Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ghost exec/ghost repair-permissions commands #317

Closed
3 tasks
acburdine opened this issue Jul 8, 2017 · 2 comments
Closed
3 tasks

ghost exec/ghost repair-permissions commands #317

acburdine opened this issue Jul 8, 2017 · 2 comments
Labels
enhancement Stale

Comments

@acburdine
Copy link
Member

Supersedes #311 , related to #307

In order to facilitate management of an installed Ghost instance with as little pain as possible, while still not messing up file/folder permissions, two new commands needed to be added to the CLI via the linux extension:

  • ghost exec <cmd>

ghost exec <cmd> will essentially work similar to sudo <cmd> but after the sudo command is run, all permissions will be repaired so that Ghost itself isn't affected.

  • ghost repair-permissions

ghost repair-permissions will go through the files in the ghost install directory, ensuring that all file permissions are correct

Later:

  • add permissions checks into a ghost doctor check
@acburdine acburdine mentioned this issue Jul 8, 2017
Closed
@acburdine
Copy link
Member Author

acburdine commented Jul 10, 2017
edited
Loading

Related: ghost run runs Ghost in the foreground, and is useful for debugging why a Ghost instance is not starting. Because of the permissions changes around the linux user spec - we also need to add some modifications to the ghost run command.

Reasoning:

  • ghost run runs in the foreground, meaning any files created during the process are going to be run as the user that actually runs the process. Example, I have an acburdine user and I run ghost run as that user, any files created will be owned by acburdine. This creates problems for the linux user extension for two reasons:
    • the content/logs folder will by owned by ghost, so any attempt to write to that directory as another user (e.g. acburdine) will fail with write permissions errors
    • if the user runs sudo ghost run, it will not run into the same issue, but then any log files will be owned by root, meaning if you tried to run ghost normally again (e.g. with ghost start and systemd), you would get other permissions errors because the ghost linux user wouldn't be able to write to the log file. This is the reason why the error in Ghost log file permissions #303 occurred.

Solution:

  • if the user is running on linux and the CLI has configured the ghost system user for the instance (e.g. switched the ownership of the content folder to the ghost user), then we always need to run ghost run as the ghost user so that we don't mess up file permissions.
  • To accomplish this, the linux extension will first check if it's running on linux and the CLI has configured the ghost system user.
    • if either are false, the linux user won't do anything, meaning you can run ghost run normally without sudo
    • If both are true, and the user is not root (e.g. sudo), then it will error, because otherwise the CLI cannot correctly switch the user id of the process to be that of the ghost user.
    • if both are true and the user is root, then it will use process.setuid() and process.setgid(), to switch the process user and essentially run ghost run as the ghost user, thus preserving correct file permissions.

Note: PR implementation of this is in #327

@acburdine acburdine mentioned this issue Jul 10, 2017
Closed
acburdine added a commit to acburdine/Ghost-CLI that referenced this issue Jul 10, 2017
@acburdine
fix(config): better config prompt handling
660a3fa 
closes TryGhost#280, closes TryGhost#268, refs TryGhost#317
- handle prompts better, don't prompt for mysql info if the user has specified sqlite
- don't prompt for URL if user has provided it
ErisDS pushed a commit that referenced this issue Jul 10, 2017
@acburdine @ErisDS
fix(config): better config prompt handling
8cdbad4 
closes #280, closes #268, refs #317
- handle prompts better, don't prompt for mysql info if the user has specified sqlite
- don't prompt for URL if user has provided it
acburdine added a commit to acburdine/Ghost-CLI that referenced this issue Jul 10, 2017
@acburdine
fix(run): better handling of ghost run with linux user
d8db872 
refs TryGhost#317
- use sudo to run ghost as the ghost user when it's set up for the instance
acburdine added a commit to acburdine/Ghost-CLI that referenced this issue Jul 10, 2017
@acburdine
fix(run): better handling of ghost run with linux user
9bc4f00 
refs TryGhost#317
- use sudo to run ghost as the ghost user when it's set up for the instance
acburdine added a commit to acburdine/Ghost-CLI that referenced this issue Jul 10, 2017
@acburdine
fix(run): better handling of ghost run with linux user
a9a3e1f 
refs TryGhost#317
- use sudo to run ghost as the ghost user when it's set up for the instance
acburdine added a commit to acburdine/Ghost-CLI that referenced this issue Jul 10, 2017
@acburdine
fix(run): better handling of ghost run with linux user
c30a0e6 
refs TryGhost#317
- use sudo to run ghost as the ghost user when it's set up for the instance
acburdine added a commit that referenced this issue Jul 10, 2017
@acburdine
fix(run): better handling of ghost run with linux user
7e0191e 
refs #317
- use sudo to run ghost as the ghost user when it's set up for the instance
@sebgie sebgie mentioned this issue Jul 10, 2017
Closed
@acburdine acburdine mentioned this issue Jul 11, 2017
Closed
@acburdine acburdine modified the milestones: 1.0.1, 1.1.0 Jul 23, 2017
@kirrg001 kirrg001 removed this from the 1.1.0 milestone Jan 12, 2018
@kirrg001 kirrg001 mentioned this issue Jan 13, 2018
Closed
@acburdine acburdine mentioned this issue Jan 13, 2018
Closed
18 tasks
@github-actions
Copy link

github-actions bot commented May 4, 2021

Our bot has automatically marked this issue as stale because there has not been any activity here in some time. The issue will be closed soon if there are no further updates, however we ask that you do not post comments to keep the issue open if you are not actively working on a PR. We keep the issue list minimal so we can keep focus on the most pressing issues. Closed issues can always be reopened if a new contributor is found. Thank you for understanding 🙂

@github-actions github-actions bot added the Stale label May 4, 2021
@ErisDS ErisDS closed this as completed May 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[WIP] Exec/Repair Permissions commands acburdine/Ghost-CLI
4 participants
@kevinansfield @ErisDS @kirrg001 @acburdine