Prompt for temporary access when file system is not writable

Automated updates with a password stored-on-disk or in-a-script for ftp seems pretty in-secure too. At some level, updating the site is going to require some access to write to the disk. And the trigger for applying those updates can be a drush cron run as any system user via system cron. This approach would preclude the need for ftp credentials and work with the existing setup in this module.

There is a complicated set of issues around opcode cache if run via CLI and opcode is enabled, but there are some work arounds for that using https://github.com/gordalina/cachetool.

I'm inclined to close as works as designed, but let's see if I've mis-represented the problem in an overly simplified manner. For the mean time, moving to postponed.

I was envisioning that automatic updates happened without human interaction. I'm confused if we require humans to enter a password; because if we require humans, I don't consider that to be automated updates any more. And the point of this effort is to remove the human element.

Long week with the virtual con... but if I understand your last comment, then you can do exactly that right now via drush and linux cron. There isn't a slick web UI to set things up, but that also helps with cross-platform compatibility as run-as on Windows vs Linux vs your platform of choice is going to be somewhat different.

For linux, just use its system cron to trigger drush cron-run as your privileged system user.

Thanks for keeping with your feedback. Yes, we need to improve the docs and best practices/guidance around how to use this module. Let's do that!

If you intend to rely on the FileTranfser classes to do this, and you actually think that could still work, you need to speak up (quickly?) in #3491731: [META] Remove the ability to update modules and themes via authorize.php. The current MR there completely removes that entire API (along with authorize.php and related methods from system.module). Everyone (so far) thinks it’s legacy cruft that no one could possibly care about anymore and doesn’t even deserve to be deprecated before removal. 😅

I’m extremely familiar with the goal of UI-based updates for sites configured in depth. I have championed that approach since D6, and wrote the bulk of this code in the first place. You don’t have to explain to me how it works or why in principle it’s a good idea.

However, I’m no longer convinced that any site with httpd running as another user than the one who owns the files will be maintained by someone who is CLI averse. It’s only wild speculation, but my sense is the intersection of those two sets is vanishingly small, and not worth bogging down core with technical debt to support.

It’s absolutely worth making the UI play nicely with a cron-driven “sudo” step. That’s already been done. But actually requiring manually logging in via FileTransfer directly as part of the UI seems unnecessary.

Point 2 in remaining tasks is already done. Adding links.

For clarity, the “cron-driven sudo” step that’s already supported is not via Drupal’s hook cron, which “might be triggered by any user”. I/we are talking about good ole *nix crontab, and specifically setting up the script completely outside of Drupal.