diff --git a/scripts/install-wordpress.sh b/scripts/install-wordpress.sh
index 421d8ed..fcb9717 100644
--- a/scripts/install-wordpress.sh
+++ b/scripts/install-wordpress.sh
@@ -226,34 +226,32 @@ fi
 # --- WP-CLI Execution Context Setup ---
 # Determine how WP-CLI commands should be run (user, flags)
-# This logic prioritizes running as root if available, to avoid sudo PATH issues.
 WP_RUN_ARGS=("--path=$WP_ROOT")
-SUDO_CMD="" # Command prefix (e.g., sudo -u user) - empty by default
-WP_EXECUTABLE="$WP_CLI_PATH" # Use the full path to wp-cli
+SUDO_CMD="" # Command prefix (e.g., sudo -u user) - empty by default
+WP_EXECUTABLE="$WP_CLI_PATH" # Use the full path to wp-cli
-# Check if the script is running as root (UID 0)
+# Prefer running WP-CLI as the designated web user so that any files it
+# creates/updates (e.g. .htaccess) are owned by that user instead of root.
 if [[ "$(id -u)" -eq 0 ]]; then
- info "Script is running as root. Using --allow-root for WP-CLI commands."
- # Avoid adding flag if somehow already present (e.g., future modification)
- if [[ ! " ${WP_RUN_ARGS[@]} " =~ " --allow-root " ]]; then
+ info "Script is running as root. Attempting to run WP-CLI as '$WEB_USER' for correct file ownership."
+ if sudo -n -u "$WEB_USER" "$WP_EXECUTABLE" --info --skip-update --quiet "${WP_RUN_ARGS[@]}" &>/dev/null; then
+ SUDO_CMD="sudo -u $WEB_USER"
+ info "WP-CLI will be executed via sudo as '$WEB_USER'."
+ else
+ warning "Failed to execute WP-CLI as '$WEB_USER' without password. Falling back to running as root with --allow-root. Resulting files may be owned by root."
 WP_RUN_ARGS+=("--allow-root")
 fi
- # No SUDO_CMD needed, root executes directly
 else
- # Script is NOT running as root. Check if it's running as the target web user.
+ # Script is NOT running as root.
 if [[ "$(id -u)" -eq "$(id -u "$WEB_USER")" ]]; then
- info "Script is running as the web user ('$WEB_USER'). No sudo or --allow-root needed."
- # No SUDO_CMD needed, correct user executes directly
+ info "Script is already running as the web user ('$WEB_USER'). No sudo or --allow-root needed."
 else
- # Running as a different non-root user. Need to try `sudo -u WEB_USER`.
 info "Script running as non-root user '$(id -un)'. Attempting to run WP-CLI as '$WEB_USER' via sudo."
 if sudo -n -u "$WEB_USER" "$WP_EXECUTABLE" --info --skip-update --quiet "${WP_RUN_ARGS[@]}" &>/dev/null; then
- info "Successfully verified ability to run WP-CLI as '$WEB_USER' using sudo."
- SUDO_CMD="sudo -u $WEB_USER"
- # Keep WP_EXECUTABLE as full path
+ SUDO_CMD="sudo -u $WEB_USER"
+ info "Successfully configured sudo execution for WP-CLI as '$WEB_USER'."
 else
- # Cannot run as root, cannot run as web_user, cannot sudo -u web_user without password.
- error_exit "Script lacks permissions. Run as root, as '$WEB_USER', or ensure user '$(id -un)' has passwordless sudo access to run '$WP_EXECUTABLE' as '$WEB_USER'."
+ error_exit "Unable to execute WP-CLI as '$WEB_USER'. Ensure the current user has passwordless sudo access, or run this script as root."
 fi
 fi
 fi
@@ -769,6 +767,12 @@ EOF
 $SUDO_CMD $WP_EXECUTABLE rewrite structure '/%postname%/' "${WP_RUN_ARGS[@]}" || warning "Could not set permalink structure"
 $SUDO_CMD $WP_EXECUTABLE rewrite flush "${WP_RUN_ARGS[@]}" || warning "Could not flush rewrite rules"
+ # WP-CLI operations above might have recreated or modified .htaccess as the user executing WP-CLI.
+ # To enforce consistent ownership, reset it to the designated web user/group.
+ if [[ -f ".htaccess" ]]; then
+ sudo chown "${WEB_USER}:${WEB_GROUP}" .htaccess || warning "Failed to reset ownership on .htaccess after WP-CLI operations."
+ fi
+
 success "WordPress installed successfully via WP-CLI."
 else
 info "WordPress is already installed according to WP-CLI."
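Review bot: The root branch still falls back to `--allow-root` whenever the `sudo -n -u "$WEB_USER"` probe fails, and in that mode later WP-CLI commands load wp-config.php and plugin/theme PHP with root privileges, so the fallback is a privilege concern and not only the file-ownership issue the warning mentions. Because the probe sends everything to `&>/dev/null`, a missing sudo binary or a `$WEB_USER` that cannot read `$WP_ROOT` produces the same "without password" message; consider keeping the probe's stderr for the log and, when already root, trying `runuser -u "$WEB_USER" --` (no sudoers entry needed) before falling back, or making the root fallback opt-in. Separately, both branches probe with `sudo -n` but store `SUDO_CMD="sudo -u $WEB_USER"`; if the probe passed only on cached credentials, a later call can block on a password prompt, so `SUDO_CMD="sudo -n -u $WEB_USER"` would keep the run non-interactive. The prefix is also expanded unquoted at the call sites (`$SUDO_CMD $WP_EXECUTABLE ...`), which relies on word splitting; an array such as `SUDO_CMD=(sudo -n -u "$WEB_USER")` would be more robust but needs the call sites outside this hunk changed too.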
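Review bot: The added `sudo chown "${WEB_USER}:${WEB_GROUP}" .htaccess` is a privileged operation on a path inside a directory the web user can presumably write to, and both `[[ -f ]]` and `chown` follow symlinks, so if `.htaccess` is a symlink the ownership change lands on its target instead. Guarding with `if [[ -f "$WP_ROOT/.htaccess" && ! -L "$WP_ROOT/.htaccess" ]]; then` and using `chown -h` avoids that, and the absolute path removes the dependence on the working directory, which is set outside this hunk. The call also uses bare `sudo`, unlike the `sudo -n` probes earlier in the script: run as `$WEB_USER` without sudo rights it can prompt or fail, and run as root the `sudo` is unnecessary, so consider `sudo -n` or skipping the step when the script is not root. The enclosing if/else starts and ends outside the hunk.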