[MediaWiki-commits] [Gerrit] usage help when mwscript is not run as `apache` user - change (operations/mediawiki-config)

Wed, 27 Mar 2013 09:53:45 -0700 

jenkins-bot has submitted this change and it was merged.

Change subject: usage help when mwscript is not run as `apache` user
......................................................................


usage help when mwscript is not run as `apache` user

7c4810c8a limited the execution of MWScript to prevent running it as a
privileged user (wikidev, root, sudo groups).  This patch improve the
error message and reference the `sudo -u apache` command that should be
used before the command.  That will help new comers and people not used
to run mwscript commands.

Change-Id: I3aeb6b28382828cb37dac4863cf55602a0235f05
---
M multiversion/MWScript.php
1 file changed, 11 insertions(+), 0 deletions(-)

Approvals:
  Aaron Schulz: Looks good to me, approved
  Nikerabbit: Looks good to me, but someone else must approve
  jenkins-bot: Verified



diff --git a/multiversion/MWScript.php b/multiversion/MWScript.php
index 323cdde..137104b 100644
--- a/multiversion/MWScript.php
+++ b/multiversion/MWScript.php
@@ -32,6 +32,17 @@
                if ( $info && in_array( $info['name'], array( 'sudo', 
'wikidev', 'root' ) ) ) {
                        fwrite( STDERR, "Cannot run a MediaWiki script as a 
user in the " .
                                "group {$info['name']}\n" );
+                       fwrite( STDERR, <<<EOT
+Maintenance scripts should generally be run using sudo -u apache which
+is available to all wikidev users.  Running a maintenance script as a
+privileged user risks compromise of the user account.
+
+You should run this script as the apache user:
+
+ sudo -u apache <command>
+
+EOT
+                       );
                        exit( 1 );
                }
        }

-- 
To view, visit https://gerrit.wikimedia.org/r/56146
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I3aeb6b28382828cb37dac4863cf55602a0235f05
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Hashar <[email protected]>
Gerrit-Reviewer: Aaron Schulz <[email protected]>
Gerrit-Reviewer: Nikerabbit <[email protected]>
Gerrit-Reviewer: Tim Starling <[email protected]>
Gerrit-Reviewer: jenkins-bot

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to