Fix wordpress .htaccess file

scripts/install-wordpress.sh

@@ -226,34 +226,32 @@ fi
 
 # --- WP-CLI Execution Context Setup ---
 # Determine how WP-CLI commands should be run (user, flags)
-# This logic prioritizes running as root if available, to avoid sudo PATH issues.
 WP_RUN_ARGS=("--path=$WP_ROOT")
-SUDO_CMD="" # Command prefix (e.g., sudo -u user) - empty by default
+SUDO_CMD=""       # Command prefix (e.g., sudo -u user) - empty by default
-WP_EXECUTABLE="$WP_CLI_PATH" # Use the full path to wp-cli
+WP_EXECUTABLE="$WP_CLI_PATH"  # Use the full path to wp-cli
 
-# Check if the script is running as root (UID 0)
+# Prefer running WP-CLI as the designated web user so that any files it
+# creates/updates (e.g. .htaccess) are owned by that user instead of root.
 if [[ "$(id -u)" -eq 0 ]]; then
-    info "Script is running as root. Using --allow-root for WP-CLI commands."
+    info "Script is running as root. Attempting to run WP-CLI as '$WEB_USER' for correct file ownership." 
-    # Avoid adding flag if somehow already present (e.g., future modification)
+    if sudo -n -u "$WEB_USER" "$WP_EXECUTABLE" --info --skip-update --quiet "${WP_RUN_ARGS[@]}" &>/dev/null; then
-    if [[ ! " ${WP_RUN_ARGS[@]} " =~ " --allow-root " ]]; then
+        SUDO_CMD="sudo -u $WEB_USER"
+        info "WP-CLI will be executed via sudo as '$WEB_USER'."
+    else
+        warning "Failed to execute WP-CLI as '$WEB_USER' without password. Falling back to running as root with --allow-root. Resulting files may be owned by root."
         WP_RUN_ARGS+=("--allow-root")
     fi
-    # No SUDO_CMD needed, root executes directly
 else
-    # Script is NOT running as root. Check if it's running as the target web user.
+    # Script is NOT running as root.
     if [[ "$(id -u)" -eq "$(id -u "$WEB_USER")" ]]; then
-        info "Script is running as the web user ('$WEB_USER'). No sudo or --allow-root needed."
+        info "Script is already running as the web user ('$WEB_USER'). No sudo or --allow-root needed."
-        # No SUDO_CMD needed, correct user executes directly
     else
-        # Running as a different non-root user. Need to try `sudo -u WEB_USER`.
         info "Script running as non-root user '$(id -un)'. Attempting to run WP-CLI as '$WEB_USER' via sudo."
         if sudo -n -u "$WEB_USER" "$WP_EXECUTABLE" --info --skip-update --quiet "${WP_RUN_ARGS[@]}" &>/dev/null; then
-             info "Successfully verified ability to run WP-CLI as '$WEB_USER' using sudo."
+            SUDO_CMD="sudo -u $WEB_USER"
-             SUDO_CMD="sudo -u $WEB_USER"
+            info "Successfully configured sudo execution for WP-CLI as '$WEB_USER'."
-             # Keep WP_EXECUTABLE as full path
         else
-            # Cannot run as root, cannot run as web_user, cannot sudo -u web_user without password.
+            error_exit "Unable to execute WP-CLI as '$WEB_USER'. Ensure the current user has passwordless sudo access, or run this script as root."
-            error_exit "Script lacks permissions. Run as root, as '$WEB_USER', or ensure user '$(id -un)' has passwordless sudo access to run '$WP_EXECUTABLE' as '$WEB_USER'."
         fi
     fi
 fi
@@ -769,6 +767,12 @@ EOF
     $SUDO_CMD $WP_EXECUTABLE rewrite structure '/%postname%/' "${WP_RUN_ARGS[@]}" || warning "Could not set permalink structure"
     $SUDO_CMD $WP_EXECUTABLE rewrite flush "${WP_RUN_ARGS[@]}" || warning "Could not flush rewrite rules"
 
+    # WP-CLI operations above might have recreated or modified .htaccess as the user executing WP-CLI.
+    # To enforce consistent ownership, reset it to the designated web user/group.
+    if [[ -f ".htaccess" ]]; then
+        sudo chown "${WEB_USER}:${WEB_GROUP}" .htaccess || warning "Failed to reset ownership on .htaccess after WP-CLI operations."
+    fi
+
     success "WordPress installed successfully via WP-CLI."
 else
     info "WordPress is already installed according to WP-CLI."