I am a developer of a very small PHP tool. It is a PHP application that has composer dependencies (defined in composer.json).
I wrote a script installer for Virtualmin to make deploying it withing Virtualmin just a few button clicks. I am facing the following issue: how can I let the installer download the dependencies for for the application.
Currently I added the following to my script_name_install function:
But then I noticed that the dependencies are being created as the user root, so I changed that to:
system(“su -c “cd $opts->{‘dir’} && composer install > $opts->{‘dir’}/composer-installer.log” -s /bin/bash $dbuser”);
But I am not so sure it’s the best way to make that, so how do you suggest I implement such a thing?
The signature is: run_as_domain_user(&domain, command, background, [never-su])
And, it’s defined in security-lib.pl in the base dir of Virtualmin if you want to see the code for what it does exactly.
It may be fine to do it “manually” though there tends to be some extra protections in the Virtualmin functions to do things, like cleaning the environment and other stuff. If you trust your users not to do malicious things this isn’t a problem. Jamie’s been building security sensitive software for a long time and has been bitten by just about everything, so he thinks of more possible failure modes than us mere mortals do.