
Safely using Composer on Centmin

Discussion in 'Other Web Apps usage' started by jscott, Apr 16, 2019.

  1. jscott

    jscott Member

    Server Type: openvz
    CentOS Version: 7.6
    Centmin Mod: 123.09beta01.b126

    I am working on converting a project that uses composer to Centminmod.

    The problem is that composer advises you not to use it as a root user!
    With good reason!

    Any suggestions on how to set up a php app with composer as a non-root in Centmin? I have always just used the default setup...

    Thanks
    -Jscott
     
  2. eva2000

    eva2000 Administrator Staff Member

    Nginx 1.17.x
    MariaDB 5.5/10.x
    So you ran composer as root… – Snipe.Net

     
  3. jscott

    jscott Member

    Sorry, I was not clear in what I am asking.

    I do have composer installed globally, and it is working fine.

    My question comes up when I want to use composer update or composer upgrade to update dependencies for my PHP application.

    Currently they are ignoring the warning and running as root.

    I want to remove that exploit path.

    Currently, the domain's public directory is owned by root and is a member of the nginx group.

    Should I create a user for the application's updates and add that user to the nginx group? This is kind of pushing my Linux knowledge...

    -Thanks
    jscott
     
  4. eva2000

    eva2000 Administrator Staff Member

    See the linked article, which outlines the proper fix for running composer as a non-root user: use a non-root user belonging to the webserver group (nginx for Centmin Mod).
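
The setup discussed in this thread, as an added example that is not part of the original posts or of Centmin Mod: a wrapper that refuses to run Composer as root and checks that the calling user is in the web server group first. The user name appdeploy, the path placeholder and the function names are assumptions.

```bash
# One-time setup, run as root (appdeploy and the path are placeholders):
#   useradd --create-home appdeploy
#   usermod -aG nginx appdeploy
#   chown -R appdeploy:nginx /path/to/your/project

# Decide whether Composer may run here.
# Args: uid, space-separated group names, project dir, web group (default nginx).
# Returns 0 and prints "ok", or a distinct non-zero code per failed check.
composer_preflight() {
  local uid="$1" groups="$2" dir="$3" web_group="${4:-nginx}"

  # 1. Never as root: Composer scripts and plugins execute with the caller's rights.
  if [ "$uid" -eq 0 ]; then
    echo "refuse: running as root"; return 1
  fi

  # 2. The user must belong to the web server group (exact name match).
  case " $groups " in
    *" $web_group "*) ;;
    *) echo "refuse: user is not in group $web_group"; return 2 ;;
  esac

  # 3. The directory must be a Composer project.
  if [ ! -f "$dir/composer.json" ]; then
    echo "refuse: no composer.json in $dir"; return 3
  fi

  # 4. The user must be able to write vendor/ and composer.lock there.
  if [ ! -w "$dir" ]; then
    echo "refuse: $dir is not writable by this user"; return 4
  fi

  echo "ok"
}

# Wrapper: run the checks against the real caller, then hand over to composer.
run_composer() {
  composer_preflight "$(id -u)" "$(id -Gn)" "$PWD" >&2 || return
  command composer "$@"
}
```

Used as `run_composer update` from the project directory while logged in as the deploy user, it stops with a non-zero status before Composer starts if any check fails.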