Issue
I would like to make .sh file for automatic deploy web pages from github to production. I need to run composer install in it but as I run it, it throws me a warning:
"Do not run composer install as root super user!"
I found out this is because of security reasons. But I need to run also other commands which needs to e.g. delete some files and directories.
The solution I found to fix this is:
composer install --no-scripts --no-interaction
The question is: Is it enough? Is --no-script the solution or not? What is the best practice regarding running composer as root?
Solution
Best practice is not to use sudo for composer commands at all. If you need sudo for composer, it usually points at your project's file permissions not being setup correctly.
E.g. you should have a non-root user owning the projects directory, and you should run the needed commands as that user, without requiring sudo. If you need to run as root, it probably means that you did so in one of your previous runs, and already messed up your file permissions.
(Best practice is also not running install in production in any case, but at least you are not running update)
In the rarer cases where you need to run composer as a superuser, and you are not on a very constrained environment (say, building a Docker image), you should pay attention to the official guidance and not only use --no-scripts, but also the parameter --no-plugins, so you are only doing file copying and not executing other scripts.
Answered By - yivi
Posts
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.