I'm running my project on a VPS with Debian 9 and Apache2 as the HTTP server, and I created a shell script to fetch from git, pull, install components with Composer and do what it should do. When it gets to this line:

$ php bin/console cache:clear

I get an error because the folder var/cache/dev/profiler is owned by www-data and the script is executed by another user.

When I execute the script as the root user it works, and I get a warning that I shouldn't execute Composer as root, and I should add this line at the end of the script to have the right access:

# chown -R user:www-data *

#! /bin/sh
set -e

LOGFILE="$(pwd)/updateServer.log"

git fetch
UPSTREAM=${1:-'@{u}'}
LOCAL=$(git rev-parse @)
REMOTE=$(git rev-parse "$UPSTREAM")
BASE=$(git merge-base @ "$UPSTREAM")

# Quote the operands so an empty value cannot break the test.
if [ "$LOCAL" = "$REMOTE" ]; then
    exit
elif [ "$LOCAL" = "$BASE" ]; then
    echo "$(date -d today --rfc-3339=ns) updating" > "$LOGFILE"
fi

echo "$(date -d today --rfc-3339=ns) update HEAD to $REMOTE" >> $LOGFILE
git reset --hard
git pull
echo "$(date -d today --rfc-3339=ns) DONE" >> $LOGFILE

echo "$(date -d today --rfc-3339=ns) Updating Symfony" >> $LOGFILE
composer install
echo "$(date -d today --rfc-3339=ns) done" >> $LOGFILE

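# Take the 32-character passphrase from the CSPRNG; a hash of the current
# timestamp can be recomputed by anyone who knows roughly when the script ran.
pass=$(openssl rand -hex 16)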

echo "$(date -d today --rfc-3339=ns) removing JWT keys" >> $LOGFILE
rm ./app/config/jwt.yml
rm ./app/config/jwt/private.pem
rm ./app/config/jwt/public.pem
echo "$(date -d today --rfc-3339=ns) DONE" >> $LOGFILE

openssl genrsa -out app/config/jwt/private.pem -aes256 -passout pass:$pass 4096
openssl rsa -pubout -in app/config/jwt/private.pem -out app/config/jwt/public.pem -passin pass:$pass
chmod g+r ./app/config/jwt/private.pem
echo "$(date -d today --rfc-3339=ns) new JWT keys created" >> $LOGFILE

echo "lexik_jwt_authentication:
    secret_key:       '%kernel.project_dir%/app/config/jwt/private.pem'
    public_key:       '%kernel.project_dir%/app/config/jwt/public.pem'
    pass_phrase:      '$pass'
    token_ttl:        86400
" > ./app/config/jwt.yml

echo "$(date -d today --rfc-3339=ns) update jwt.yml" >> $LOGFILE

echo "$(date -d today --rfc-3339=ns) update doctrine" >> $LOGFILE
php bin/console doctrine:schema:update --force >> $LOGFILE
chown -R user:www-data * >> $LOGFILE
echo "$(date -d today --rfc-3339=ns) fix permissions" >> $LOGFILE
php bin/console cache:clear >> $LOGFILE
chmod -R 775 var
echo "$(date -d today --rfc-3339=ns) clear cache" >> $LOGFILE
chown -R user:www-data *
echo "====================================================" >> $LOGFILE

I want to use cron to execute this script every minute to update automatically when I push to the master branch, so should I execute it as root, or is there something I can do that lets me execute it as user without problems?

blocus

1 Answer

You don't need to run crontab as root at all. Make sure that 'user' belongs to the www-data group and create a cron job for that user:

sudo crontab -e -u user

or, if you are logged in as 'user':

crontab -e 

This way you can avoid setting the owner (chown) in the script. Before that, remember to correct any permissions on the files and folders that were previously created by root.

Andrea Binda
  • (Sorry for the typo) *This way – Andrea Binda Aug 08 '19 at 13:53
  • user already belongs to the www-data group but can't delete files created by the www-data user – blocus Aug 08 '19 at 17:13
  • OK, then try giving Apache a umask of 002 so that every file created by it is writable by its group (www-data). Look at this other thread for more info: [link](https://stackoverflow.com/questions/428416/setting-the-umask-of-the-apache-user) – Andrea Binda Aug 11 '19 at 13:46
  • Thank you, it works now. The problem was that the umask is 022 by default – blocus Aug 19 '19 at 12:06
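
The umask effect discussed in the comments, as an added example that is not part of the original thread: it shows the mode a directory gets under umask 022 versus 002 and lists entries under a cache tree that a group member cannot write to. The temporary tree and the file name index.csv are constructed for illustration, both creations run as the same user (only the umask differs), and `stat -c` assumes GNU coreutils as on Debian.

```shell
#!/bin/sh
# Added example (not from the thread): how the creating process's umask
# decides whether a group member can later clean up a cache directory.

# Print the octal mode a directory gets when created under umask $1.
mode_under_umask() {
    tmp=$(mktemp -d) || return 1
    ( umask "$1" && mkdir "$tmp/profiler" )
    stat -c '%a' "$tmp/profiler"
    rm -rf "$tmp"
}

# List everything under $1 that lacks the group write bit (020): files a
# group member cannot modify and directories it cannot delete entries from.
not_group_writable() {
    find "$1" ! -type l ! -perm -020 -print | sort
}

# Constructed tree: var/cache/dev is created with umask 002 (deploy user),
# then the profiler directory and a file are created with umask 022, the
# default the thread identifies for the web server.
audit_demo() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        ( umask 002 && mkdir -p var/cache/dev )
        ( umask 022 && mkdir var/cache/dev/profiler \
                    && : > var/cache/dev/profiler/index.csv )
        not_group_writable var
    )
    rm -rf "$tmp"
}

echo "dir mode under umask 022: $(mode_under_umask 022)"
echo "dir mode under umask 002: $(mode_under_umask 002)"
echo "entries the group cannot write:"
audit_demo
```

Running `not_group_writable var` in the project directory before enabling the cron job shows which leftovers from earlier root or www-data runs still need their permissions corrected.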