Allow all users to access WP-CLI in chrooted shell

  • I’m running a Plesk web server on AlmaLinux. Plesk has the WP-CLI built in but it’s only accessible to the root user and they don’t have any plans to change that.

    I’ve installed the standalone version of WP-CLI on the server and it works great as root user but I want to automatically give access to all users in their chrooted SSH shells.

    Thinking a CRON job or something similar to look for new users every hour or so but I need help that.

Viewing 4 replies - 1 through 4 (of 4 total)

  • One option you could consider is creating a wrapper script for WP-CLI that allows non-root users to use it. To do this, you can create a script called wp in a directory that is in the PATH for all users, such as /usr/local/bin. The script would contain the following content:

    #!/bin/bash

sudo -u root /path/to/wp-cli "$@"

    This script will run WP-CLI as the root user when it is invoked by a non-root user. You will need to make sure that the /path/to/wp-cli is correct and that the script is executable by all users (you can do this by running chmod 755 /usr/local/bin/wp).

    Once you have created the wrapper script, users should be able to run WP-CLI commands by simply typing wp followed by the desired command and arguments. For example:

    wp plugin list

    This will run the plugin list command as the root user, allowing non-root users to use WP-CLI.

    Keep in mind that this approach will allow any user on the system to run WP-CLI as the root user, so you should use caution when setting this up and consider the potential security implications.

    Thread Starter FutureX5

    (@futurex5)

    Thanks for the info and detailed instructions! Very awesome.

    How do the hosting providers that advertise WP-CLI access for all users set it up so there is no security problem? with allowing any user to run WP-CLI as the root user.

    You’re very welcome!

    Hosting providers that offer WP-CLI access to all users typically do so by running WP-CLI in a restricted environment where users do not have access to the underlying system. This could be done using a containerization technology such as Docker or by using a serverless architecture where each user is given a dedicated environment for running WP-CLI commands.

    The “dedicated environment” is not a physically dedicated machine, but the software is configured in a way, where it is essentially, physically dedicated, or at least “your dedicated environment believes it is physically separate” more or less…

    Thread Starter FutureX5

    (@futurex5)

    OK cool, I thought I would be able to make it work in a shared hosting environment and keep it safe but it looks like it isn’t possible yet.

    Thanks for the help!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Allow all users to access WP-CLI in chrooted shell’ is closed to new replies.

Tags