Hi there, I’m trying to install Ghost usin a non-sudoer user to keep our company conventions and I’m finding a bit difficult to operate, due to several topics:
systemd unit: I didn’t find how to make ghost create a systemd unit in the user space, to use like systemctl --user start xxx
I can do it manually, but then the ghost-cli doesn’t have this systemd unit under its radar
backups: ghost-cli seems to need root/sudoer in order to do the backups, which I’m not sure why
related: ghost updates; i believe it needs sudoer because it performs a backup first, but not sure if it’s that all.
SSL certificates installation: it seems that ghost may install nginx configuration (again, only in root/sudoers), but I didn’t see how to configure my own SSL certificates, instead of using automatic let’sencrypt.
Is there any way to install / operate Ghost as a non-root / non-sudoer user and still take advantage of the ghost-cli features?
I’ve read that topic, but it has several problems that I still share 4 years later:
I can diverge from the official installation and get a non-sudoer user running everything, but then I lose the features given by ghost-cli, as backups or updates.
Backups are important, but even more updates, which may include database migrations that are way better managed officially.
The good thing is now I’m sure that I didn’t miss any documentation about this topic.
Not sure if this is the place to a request, but if possible, I’d like Ghost developers to consider changing this sudo requirements, so different teams can choose how to install it and follow their own team conventions.
The CLI mostly needs sudo for the Process Manager -
systemd unit: The user installing Ghost is not the same user that runs Ghost, by design. I’m assuming not, but can units created in user space run as other users (i.e. if ghost-mgr creates a unit, can that unit run as ghost?)
backups: My recollection is that the CLI checks that the instance is started before performing a backup. The CLI should log all sudo commands it runs, are you able to confirm this?
updates: The CLI needs to restart Ghost after the latest version is downloaded.
SSL Certificates: You should be able to tell Ghost not to set up SSL as part of the webserver set up. However, you’ll still need sudo access to add the config and reload/restart the server. You might want to tell Ghost not to set up nginx and manually configure it.
The CLI has support for extensions, so if you’re interested, you could prototype a systemd process manager that doesn’t depend on sudo. Here’s the systemd extension for reference.
