robo database:refresh-tugboat command requires privileges to write to document root but then also performs actions that should run as the web user #230

@apotek

Description

The robo database:refresh-tugboat command downloads a database dump file to the document root of the web server. The document root is often owned by a privileged user, forcing the robo command to be run with the same level of privileges as the user that owns the docroot. In the case of Tugboat, that is the root user.

However, the command also runs a cache:rebuild, which removes and creates files in the site's files directory. This means that the files created by cache:rebuild will have the same ownership as the privileged user that ran the robo command, rather than the privileges/ownership of the web server user.

Last, it's questionable if the command should even take on the responsibility for clearing the cache after the database import.

The command should probably be downloading the database dump file to a temporary file system that an unprivileged user can write to.

```bash
# Ask Drupal for its configured temporary directory.
dump_path=$(drush php-eval 'echo \Drupal\Core\Site\Settings::get("file_temp_path");')

# or
# dump_path=$(drush php-eval 'echo \Drupal\Core\Site\Settings::get("file_private_path");')

if [ -z "$dump_path" ]; then
  # This should work on both Linux and macOS
  dump_path=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
fi

# Now download to dump_path and, later, delete from dump_path.
```
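One way to harden the directory selection proposed above, as an added example that is not the issue author's or the project's code: it rejects any candidate that resolves inside the docroot (a private files path can live there) and hands back a fresh owner-only directory. The function names `inside_docroot` and `pick_dump_dir` and the `dbdump` prefix are hypothetical.

```bash
#!/usr/bin/env bash
# Added example; function names and the "dbdump" prefix are assumptions.

# Succeeds if directory $1 is docroot $2 or lies beneath it.
# Both paths are resolved with pwd -P so symlinks cannot hide the overlap.
inside_docroot() {
  local dir root
  dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
  root=$(cd "$2" 2>/dev/null && pwd -P) || return 1
  case "$dir/" in
    "$root"/*) return 0 ;;
  esac
  return 1
}

# Print a fresh directory for the dump.
#   $1 = docroot, $2 = preferred base (e.g. Drupal's temp path; may be empty)
# The base is used only if the current, unprivileged user can write to it
# and it is outside the docroot; otherwise fall back to the system temp dir.
pick_dump_dir() {
  local docroot=$1 base=$2 dir
  if [ -n "$base" ] && [ -d "$base" ] && [ -w "$base" ] \
     && ! inside_docroot "$base" "$docroot"; then
    dir=$(mktemp -d "$base/dbdump.XXXXXX") || return 1
  else
    # Same Linux/macOS fallback as the snippet in the issue.
    dir=$(mktemp -d 2>/dev/null || mktemp -d -t 'dbdump') || return 1
  fi
  # mktemp -d already creates the directory 0700; make that explicit so
  # the dump is unreadable to other local users regardless of umask.
  chmod 700 "$dir" || return 1
  printf '%s\n' "$dir"
}
```

A caller would run `dump_dir=$(pick_dump_dir "$docroot" "$dump_path")` as the web user, then `trap 'rm -rf "$dump_dir"' EXIT` so the dump is deleted even if the import fails.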
