For some reason composer.phar isn’t available in the directory of the curl operation, but anyway, I then ran the command composer, and got this output:
I clicked the link and read that short page but I couldn’t understand it. For example, I couldn’t understand this:
It was always discouraged to run Composer as root for the reasons detailed below.
As of Composer 2.4.2, plugins are disabled automatically when running as root and there is no sign that the user is consciously doing this. There are two ways this user consent can be given:
If you run interactively, Composer will prompt if you are sure that you want to continue running as root. If you run non-interactively, plugins will be disabled, unless…
If you set the COMPOSER_ALLOW_SUPERUSER environment variable to 1, this also indicates that you intended to run Composer as root and are accepting the risks of doing so.
If Composer developers expect me not to run Composer as root or sudoer, than how sould I run it? Should I create a specific user for it which isn’t a sudoer? How does it help?
Oh and if it helps you help me in any way – I just need Composer for Drupal, nothing more besides Drupal.
Running Composer as the root user is generally not recommended as it may introduce security risks. Instead, you should run Composer using regular user privileges. However, some commands within Composer may require elevated permissions, and at the same time you can use “sudo” for these specific tasks, without running the full Composer process as the root user. This approach ensures better security while allowing necessary operations to be performed with elevated privileges when needed.
I am not a Linux expert but in my learning I often see articles saying to not use root. Such as in security - Why is it bad to log in as root? - Ask Ubuntu. The experts (seem) to say do not use root. They say use sudo instead, when it is needed and only when it is needed.
That’s not the topic of this discussion so I will only say that I have used root in various operating systems about 30 years and generally didn’t have any problem besides corrupted web browser in Windows once.
If the root account itself is protected by a strong standard keypair AND a password and is used only for standard, well documented and well criticized operations, then in my opinion there shouldn’t be a problem.
I do not use root if a specific application issue a warning about using it as root. For example, I don’t use Composer (PHP dependency manager) as root.