Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I've been meaning to post this for a while, but never got around to it.
Provision doesn't let you run any commands as root, which is probably a good idea, but doing that it prevents root from running Drush alltogether.
As root drush version
and more importantly drush selfupdate
don't work. I first have to move the provision folder somewhere else and then put it back afterwards. That's quite a pain.
I don't know how easy/hard this would be, but it seems we should be able to check if the command contains "provision" (and maybe "hosting"?) and then exit.
Comment | File | Size | Author |
---|---|---|---|
#6 | 1440646-root-check-5.patch | 1.66 KB | mig5 |
#4 | 1440646-root-check-4.patch | 2.8 KB | cafuego |
#3 | provision-root.patch | 634 bytes | tstoeckler |
Comments
Comment #1
Anonymous (not verified) CreditAttribution: Anonymous commentedI'd be curious to know why running drush as root is absolutely necessary? It's certainly not a good idea. We've always considered this a feature as opposed to a bug. (FYI this came up before here: #799804: No sandwiches :-( Provision prevents drush make-me-a-sandwich example from running)
Comment #2
Anonymous (not verified) CreditAttribution: Anonymous commentedOn the other hand, I don't disagree that if running drush as the root user, the error message is probably baffling, potentially even to users who don't know what provision is.
If Drush itself doesn't provide any such safeguard, we probably shouldn't either, or fail only on provision/hostmaster/hosting commands as you suggest.
Comment #3
tstoecklerHere's a patch for this. It checks for 'provision' in the command string.
There should probably be a similar check in hosting.drush.inc, but I guess that should be its own issue. If this approach is deemed good for Provision, I'll roll such a patch in the Hosting queue.
Now will go on to
selfupdate
to 5.0. :)Comment #4
cafuego CreditAttribution: cafuego commentedI refer you to #349923: drush_invoke : a flexible API for hooking into any and all drush calls. by none other than one of the provision maintainers ;-)
Attached patch synergistically leverages hook_drush_command_validate() to provide a user id check for all functions documented at the top of provision.drush.inc.
Comment #5
anarcat CreditAttribution: anarcat commentedI like this, but it seems too verbose.
Shouldn't we instead have a _init() hook that looks at the command name?
Comment #6
Anonymous (not verified) CreditAttribution: Anonymous commentedHow about this?
We already had an init hook checking system load. I turned that into a private function, introduced a new one for checking the user/command, and made the init hook call both of these.
Comment #7
anarcat CreditAttribution: anarcat commentedThat makes a lot of sense, please push.
Comment #8
Steven Jones CreditAttribution: Steven Jones commentedLooks good, pushed to 6.x-1.x and 6.x-2.x. Thanks all!