1

I'm quite new to Linux but I need to install Wordpress on a Debian Wheezy machine.

I have been reading tens of websites to prepare for this and they seem to say that Wordpress should NOT be installed as the root user. I created a normal user called Myname and I will try to do the installation with that user. But in all the tutorials the SUDO-command seems to be used.

So my questions are these:

  1. How do I, acting as root user, give the Myname user SUDO priviledges?

  2. How can I know which SUDO priviledges I should be giving Myname? Do I need to be specific or can I give a broad range of them?

Sony packman
  • 113
  • @jasonwryan, no, the question here is quite different. – vonbrand Feb 02 '14 at 03:42
  • @vonbrand Other than an unsupported assertion; do you have anything to add? Seems to me to be an exact duplicate: 1 certainly is, and 2 is reasonably covered in the linked Question. – jasonwryan Feb 02 '14 at 03:47

5 Answers5

3

I think you're pointing the wrong problem, no offense.

Wordpress comes in Debian repositories, as a standard package. So if you're not so familiar with Linux, I would strongly recommend that you just :

apt-get install wordpress

Whether you gain them with sudo or with root login, you need to have root privileges to do so. That's far away better than installing without integrating correctly in the system : the package will cleanly put ownership and rights access on the files it will install.

I already installed WP on a production server, for client. It just worked very fine.

Rui F Ribeiro
  • 56,709
  • 26
  • 150
  • 232
Pierre Fumet
  • 148
  • 1
  • 6
  • I did what you suggested and the installation finished. But it didn't put any new files in the var/www folder.. Where did the installation go and how do I actually access wordpress now from a browser? – Sony packman Feb 01 '14 at 20:04
  • Firest, you dpkg -L wordpress to see what files were installed. Then, have a look at : /usr/share/doc/wordpress/examples/apache.conf. You'll need to create apache2 (i suppose you have apache2 installed) site conf for WP, and you can find guidelines in this file. – Pierre Fumet Feb 02 '14 at 08:28
0

I'm not familiar with Wordpress, but as a general rule you should use the root account very sparingly (it is all-powerful, a slipup can destroy your machine). But to install software has to be done by root, thus sudo.

Many software packages install under a particular user, who owns the files and so on. It is best if you use a special user for this (if you install the package as you, if there is some configuration/programming problem it might allow might do anything as you).

I'd be very surprised if there wasn't a Debian package for this. It is always better to use the package offered by the distribution (somebody knowledgeable set it up and packaged it to integrate well with the system; they follow upstream bug reports and apply fixes for security problems; and are available for help with bug reports in your environment). Just remember buying the folks doing the work a beer next time you run into them.

terdon
  • 242,166
vonbrand
  • 18,253
0

Check out https://superuser.com/questions/39530/how-can-i-add-a-regular-user-to-the-sudoers-file.

Basically, there's a group of users who are able to use sudo. You have to add MyName to them

Like Vonbrand said, be very careful with sudo.

Also, for more information on sudo permissions, including the restriction of them (which I think will be the most helpful for you), check out http://answers.oreilly.com/topic/432-how-to-limit-permissions-with-sudo/.

Good Luck!

Community
  • 1
evamvid
  • 688
0

What you need to do is simply allow the user myname to run commands with sudo. You don't need to give any specific privileges (that is possible but unnecessary), you want to generally be able to run commands as root while logged in as myuser.

To do this, you will need to run visudo as root and add these lines (if you're having trouble editing the file, see here):

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

The file very likely already contains the lines above, they tell the system to allow any user who belongs to the sudo group to run sudo commands.

Now, make sure your user is in the sudo group. Check the output of groups:

terdon@oregano ~ $ groups
terdon sudo netdev fuse vboxsf vboxusers

As you can see, my user is part of the sudo group. If yours is not, run (as root):

usermod -aG sudo myuser

Then log out and log back in again to make the changes take effect. You should now be able to run commands with sudo.

terdon
  • 242,166
  • Your answer helped me to get sudo working. As an additional step I needed to first install the sudo-package as root. – Sony packman Feb 01 '14 at 19:54
0

If you give the myname account sudo rights, it is functionally no different than installing Wordpress as root - you're effectively giving wordpress (and more importantly, any plugins you install into it) the power to run things as root.

If you get a malicious or poorly written plugin, other users or files on the system will no longer be protected from anything that myname does, since it can sudo.

Joe Block
  • 101
  • Sudo does not have to give full root access, you can configure it to only run specific commands as root, or as another suitable user. Your advice is still well heeded depending on what commands sudo is used to give access to. – casey Feb 02 '14 at 00:55
  • After rereading, I realized that while the example upthread gives ALL=(ALL:ALL) ALL, it doesn't give it NOPASSWD so at least OP would get prompted for a password. I think it's still a terrible idea to grant system accounts unfettered sudo privileges. – Joe Block Feb 02 '14 at 01:01