I have an account on a shared web host which allows me to work on the server via SSH. As I have some problems installing Magento using the web installer I switched to the commandline installation. The command to install looks something like this:
php -f install.php -- \
...
--db_host "dbhost" \
--db_name "dbname" \
--db_user "username" \
--db_pass "password" \
...
--admin_username "username" \
--admin_password "password" \
...
While the command is running (and its running for a few minutes), of course everybody else on that server can see the parameters (and passwords) by inspecting running processes (with ps aux for example). I was just wondering if its possible to hide that data in some way (e.g. with some kind of wrapper scripts/programs)?
Not easily. If you wrote a wrapper script that executed that command, that command will still appear in
ps.If you knew enough PHP you could open up that
install.php, look for where it handles those user/pass flags and hardcode the values yourself (making sure the script has 700 perms so nobody else can read it), then you can run the command without needing the flags.Assuming that their script doesn't try to guess how it's being run and react inappropriately, you could do something like this:
as a new script (mode 700 again) and run it
php newinstall.php.$argvis normally the array of command arguments (starting with the name of the command) so here youunset()the existing one and create a new one with all of the commandline options you need, then youinclude()install.php to make PHP execute that script (with the doctored $argv list to make install.php think it was executed with those options).A less technical approach (and I realise ultimately not an answer to your question!), but in situations like this, for ease I have in the past just used throwaway details and once installed, change them through the admin system/generated config files.