Hashar has uploaded a new change for review.
https://gerrit.wikimedia.org/r/56146
Change subject: usage help when mwscript is not run as `apache` user
......................................................................
usage help when mwscript is not run as `apache` user
7c4810c8a limited the execution of MWScript to prevent running it as a
privileged user (wikidev, root, sudo groups). This patch improve the
error message and reference the `sudo -u apache` command that should be
used before the command. That will help new comers and people not used
to run mwscript commands.
Change-Id: I3aeb6b28382828cb37dac4863cf55602a0235f05
---
M multiversion/MWScript.php
1 file changed, 11 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config
refs/changes/46/56146/1
diff --git a/multiversion/MWScript.php b/multiversion/MWScript.php
index 323cdde..137104b 100644
--- a/multiversion/MWScript.php
+++ b/multiversion/MWScript.php
@@ -32,6 +32,17 @@
if ( $info && in_array( $info['name'], array( 'sudo',
'wikidev', 'root' ) ) ) {
fwrite( STDERR, "Cannot run a MediaWiki script as a
user in the " .
"group {$info['name']}\n" );
+ fwrite( STDERR, <<<EOT
+Maintenance scripts should generally be run using sudo -u apache which
+is available to all wikidev users. Running a maintenance script as a
+privileged user risks compromise of the user account.
+
+You should run this script as the apache user:
+
+ sudo -u apache <command>
+
+EOT
+ );
exit( 1 );
}
}
--
To view, visit https://gerrit.wikimedia.org/r/56146
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3aeb6b28382828cb37dac4863cf55602a0235f05
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Hashar <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
