[WordPress] version problem with cron user permissions and WordPress Cron cron job

[mtnlion1]

Platform

AWS

bndiagnostic ID know more about bndiagnostic ID

none

bndiagnostic output

No response

bndiagnostic was not useful. Could you please tell us why?

Problem has nothing to do with Apache. It's related to cron permissions

Describe your issue as much as you can

In order to bypass the WordPress interma; corn (which is needed on any site that gets good traffic), it's necessary to add an instruction in wp-config.php and create a corn job to run the Wordpress cron routine on a scheduled basis. The issue is that Bitnami does a cron-deny for user "daemon". However, you assign all Wordpress files to own/group "daemon". If the system cron job is run by any other user, plugin updates will fail.

I took care of this by deleting the cron-deny in /etc. However, you should not prohibit "daemon" from owning cron jobs in Wordpress instances.

[dennis6101990leon]

To resolve the WordPress cron job permissions issue, you can edit the /etc/group/HealthCareGov file as root, add the daemon user to the cron group, and then re-login as the daemon user. Ensure the daemon user has the necessary permissions to execute cron jobs without affecting WordPress file ownership and plugin updates.

[mtnlion1]

I know how to fix it. Your solution won’t work. You need tp edit /etc/cron-deny. Tyat wasn’t,why I created this issue. Bitnami neees to change the configuration of the Wordpress instance to either allow daemon to run a cron job or change the owner of Wordpress files. It is a very common need to disable the WP cron and instead schedule wp-cron updates via the system cron. Bitnami is making this very difficult for users.

From: dennis6101990leon @.> Sent: Wednesday, May 22, 2024 1:39 AM To: bitnami/vms @.> Cc: mtnlion1 @.>; Author @.> Subject: Re: [bitnami/vms] Wordpress version problem with cron user permissions and WordPress Cron cron job (Issue #1540)

To resolve the WordPress cron job permissions issue, you can edit the /etc/group file as root, add the daemon user to the cron group, and then re-login as the daemon user. Ensure the daemon user has the necessary permissions to execute cron jobs without affecting WordPress file ownership and plugin updates.

— Reply to this email directly, view it on GitHub https://github.com/bitnami/vms/issues/1540#issuecomment-2124200968 , or unsubscribe https://github.com/notifications/unsubscribe-auth/ANQTDECDDF7AUF52TPQLQ4TZDRKRVAVCNFSM6AAAAABICJ5YQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRUGIYDAOJWHA . You are receiving this because you authored the thread. https://github.com/notifications/beacon/ANQTDEF44AX5GMALWTA5YJLZDRKRVA5CNFSM6AAAAABICJ5YQGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT6TS6AQ.gif Message ID: @. @.> >

[jotamartos]

The instructions posted here should work for you when disabling the WordPress' cron

https://docs.bitnami.com/general/apps/wordpress/configuration/disable-wordpress-cron/

Could you please take a look at it?

[mtnlion1]

I did the fix on my install. The file that needs to be edited is cron-deny. I am requesting that you either change ownership of WP files or stop blocking daemon in future releases.

From: Juan José Martos @.> Sent: Thursday, May 23, 2024 12:11 AM To: bitnami/vms @.> Cc: mtnlion1 @.>; Author @.> Subject: Re: [bitnami/vms] Wordpress version problem with cron user permissions and WordPress Cron cron job (Issue #1540)

The instructions posted here should work for you when disabling the WordPress' cron

https://docs.bitnami.com/general/apps/wordpress/configuration/disable-wordpress-cron/

Could you please take a look at it?

— Reply to this email directly, view it on GitHub https://github.com/bitnami/vms/issues/1540#issuecomment-2126386925 , or unsubscribe https://github.com/notifications/unsubscribe-auth/ANQTDEG44HQU6B2CITWCX63ZDWI73AVCNFSM6AAAAABICJ5YQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRWGM4DMOJSGU . You are receiving this because you authored the thread. https://github.com/notifications/beacon/ANQTDEEOWIYMCG2OJ4EV443ZDWI73A5CNFSM6AAAAABICJ5YQGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT6XYLO2.gif Message ID: @. @.> >

[jotamartos]

Could you please provide more information about the changes you applied and how to reproduce the error you were running into?

[mtnlion1]

Here is the situation.

Problem: Need to disable the default WordPress internal call to thei wp-cronand nternal cron job (wp-cron) and replace it with a system cron job that will execute on a schedule. This is necessary on sites with good traffic because wp-cron executes each time a user visits.

Actions needed to replace wp-cron with a system cron job:

1. Add define ('DISABLE_WP_CRON', true); to wp-config.php
2. Add a system cron job with the command /opt/bitnami/php/bin/php /opt/bitnami/wordpress/wp-cron.php >/dev/null 2>&1

The Problem:

1. The system cron job has to be executed by the same user/group that owns the wp-content files. In the case of your Bitnami AWS implementation that is “daemon” You probhibit daemon from running cron jobs. If any other user runs the cron jobs, updates to plugins and other features will fail because they can’t be executed in production.

Workaround

            Edit /etc/cron-deny (I think that is the file) to remove daemon and then assign the system cron job to daemon.

You really need to remove the cron-deny or assign ownership of wp files to a user who can execute cron jobs.

Why this is important:

The default WordPress strategy to execute scheduled jobs by executing wp-cron is wasteful on busy sites, or doesn’t get executed often enough on sites with little traffic. The workaround above has been in use for decades. Bitnami has to support this modification since it is needed so often.

Proposed solution:

1. The easiest way is to delete cron-deny and let daemon run cron jobs.
2. The best, in my opinion, solution is to hard wire the system vron patch running every 5 minutes. There is no downside to this and it will make all of your customers more efficient.

From: Juan José Martos @.> Sent: Friday, May 24, 2024 7:35 AM To: bitnami/vms @.> Cc: mtnlion1 @.>; Author @.> Subject: Re: [bitnami/vms] [WordPress] version problem with cron user permissions and WordPress Cron cron job (Issue #1540)

Could you please provide more information about the changes you applied and how to reproduce the error you were running into?

— Reply to this email directly, view it on GitHub https://github.com/bitnami/vms/issues/1540#issuecomment-2129678742 , or unsubscribe https://github.com/notifications/unsubscribe-auth/ANQTDEHAGZZHSK3OLSZYRQTZD5FX3AVCNFSM6AAAAABICJ5YQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRZGY3TQNZUGI . You are receiving this because you authored the thread. https://github.com/notifications/beacon/ANQTDEBNXEAIBLCKHGKLLFDZD5FX3A5CNFSM6AAAAABICJ5YQGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT66BIZM.gif Message ID: @. @.> >

[jotamartos]

You are right @mtnlion1, daemon is in the cron.deny file but you didn't follow our documentation to configure the cron job, right?

https://docs.bitnami.com/general/apps/wordpress/configuration/disable-wordpress-cron/

If you run the command in the command line, you can see that it's executed without problems

bitnami@ip-172-31-86-118:~$ sudo su daemon -s /bin/sh -c "whoami"
daemon
bitnami@ip-172-31-86-118:~$ sudo su daemon -s /bin/sh -c "cd /opt/bitnami/wordpress; /opt/bitnami/php/bin/php -q wp-cron.php"
PHP Warning:  Undefined array key "HTTP_HOST" in /bitnami/wordpress/wp-config.php on line 100
PHP Warning:  Undefined array key "HTTP_HOST" in /bitnami/wordpress/wp-config.php on line 101

[mtnlion1]

I have 2 problems with your solution:

1. It never showed up when I searched for the wp-cron disable.
2. You are having daemon execute as root. The problem with that is that most wp cron jobs are for plugins which are not certified to be safe. It’s far better to execute as daemon without the “su”.

From: Juan José Martos @.> Sent: Monday, May 27, 2024 1:55 AM To: bitnami/vms @.> Cc: mtnlion1 @.>; Mention @.> Subject: Re: [bitnami/vms] [WordPress] version problem with cron user permissions and WordPress Cron cron job (Issue #1540)

You are right @mtnlion1 https://github.com/mtnlion1 , daemon is in the cron.deny file but you didn't follow our documentation to configure the cron job, right?

https://docs.bitnami.com/general/apps/wordpress/configuration/disable-wordpress-cron/

If you run the command in the command line, you can see that it's executed without problems

@.:~$ sudo su daemon -s /bin/sh -c "whoami" daemon @.:~$ sudo su daemon -s /bin/sh -c "cd /opt/bitnami/wordpress; /opt/bitnami/php/bin/php -q wp-cron.php" PHP Warning: Undefined array key "HTTP_HOST" in /bitnami/wordpress/wp-config.php on line 100 PHP Warning: Undefined array key "HTTP_HOST" in /bitnami/wordpress/wp-config.php on line 101

— Reply to this email directly, view it on GitHub https://github.com/bitnami/vms/issues/1540#issuecomment-2132992778 , or unsubscribe https://github.com/notifications/unsubscribe-auth/ANQTDECTAZJES45MHJOWBRDZELYG3AVCNFSM6AAAAABICJ5YQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMZSHE4TENZXHA . You are receiving this because you were mentioned. https://github.com/notifications/beacon/ANQTDECMYIV6SS5Y3WVMD33ZELYG3A5CNFSM6AAAAABICJ5YQGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT7ELRQU.gif Message ID: @. @.> >

[jotamartos]

2. You are having daemon execute as root. The problem with that is that most wp cron jobs are for plugins which are not certified to be safe. It’s far better to execute as daemon without the “su”.

You are using sudo to execute a command as daemon. This is not a security issue because the command is executed as daemon.

[mtnlion1]

Why are you denying daemon direct ability to run a cron job?

From: Juan José Martos @.> Sent: Tuesday, May 28, 2024 12:29 AM To: bitnami/vms @.> Cc: mtnlion1 @.>; Mention @.> Subject: Re: [bitnami/vms] [WordPress] version problem with cron user permissions and WordPress Cron cron job (Issue #1540)

2. You are having daemon execute as root. The problem with that is that most wp cron jobs are for plugins which are not certified to be safe. It’s far better to execute as daemon without the “su”.

You are using sudo to execute a command as daemon. This is not a security issue because the command is executed as daemon.

— Reply to this email directly, view it on GitHub https://github.com/bitnami/vms/issues/1540#issuecomment-2134526603 , or unsubscribe https://github.com/notifications/unsubscribe-auth/ANQTDEEK3YHHJMAT5RJRCMTZEQW3RAVCNFSM6AAAAABICJ5YQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMZUGUZDMNRQGM . You are receiving this because you were mentioned. https://github.com/notifications/beacon/ANQTDECY444HNEJHINB6I6TZEQW3RA5CNFSM6AAAAABICJ5YQGWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT7HJFIW.gif Message ID: @. @.> >

[jotamartos]

It's a good security practice not to allow users like daemon run cron jobs. This way, you need admin privileges (using sudo) to run it. If that's a problem for you, you can always edit the cron.deny file and remove the user from there.

[github-actions[bot]]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

[github-actions[bot]]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.