WP-CLI catch 22 with root
-
I am working in a cPanel on CloudLinux environment and user accounts do not have shell access. I really don’t want to provide user shell access as it would open a larger potential security hole than using wp-cli as root. I am not able to use the sudo -u -i options because of the lack of user shells, and I am not able to find a good explanation on what exactly happens if you do run wp-cli as the root user, only the vague:
When you execute WP-CLI as root, any code within your WordPress instance (including third-party plugins and themes you’ve installed) will have full privileges to the entire server. This can enable malicious code within the WordPress instance to compromise the entire server.
That does not explain why or what exactly is the issue, just an assumption of what can happen. My question is, if I run wp-cli as the root user, and then afterwards I do a full ownership and permissions reset of the user home folder and everything in it, would that be sufficient to mitigate the problems created by running wp-cli as the root user? If not, what other steps would be necessary to reset the environment so that the WordPress install does not have full privileges on the server.
Thank you.
- The topic ‘WP-CLI catch 22 with root’ is closed to new replies.