Happy to report that I finally got a wp-cli command to work using su. Here again it was the security of my hosting environment that needed to be dealt with, and I fear that the solution is no more secure than running wp-cli as root.

The issue that was causing the listings to be severly limited and preventing the shell user from finding the wp binary was the CageFS: https://docs.cloudlinux.com/cloudlinux_os_components/#cagefs

To circumvent this I created the file /etc/cagefs/custom.proxy.commands and added WP=/usr/bin/wp then ran cagefsctl --update.

The upside of this is that I can now run wp-cli commands, for example:
su -s /usr/bin/bash userx -c 'cd /home/userx/public_html && wp post list'
will now properly output a result.

However, the downside is that I am now allowing wp-cli to run outside of the user jail. I would need allot of convincing that this is somehow better than using --allow-root, especially since I have yet to get an explanation of exactly what doing so does, and my observations lead me to believe it is no more than create files and folders with root user and group ownership. This would be my third time in this thread stating how trivial it actually is to reset the ownership and permissions. It would be really nice to just get a straight answer to my original question in the original post.

• This reply was modified 2 years, 5 months ago by p42john.
• This reply was modified 2 years, 5 months ago by p42john.
• This reply was modified 2 years, 5 months ago by p42john.

I am adding this in case it helps anyone who finds this thread.

Although I strongly suspect that using --allow-root would work and still be safe as long as you reset the ownership and permissions to be correct for the user. I don’t want to do this without confirmation that is the only thing that gets changed in using the --allow-root option.

This is what I use on my cPanel servers for said ownership and permissions resets. It is specific to cPanel, to it does it intelligently.
https://github.com/PeachFlame/cPanel-fixperms

I have experimented with the method mentioned by @diondesigns and have found that if I add the -c option I can have it run a specific command as that user, using the specified shell. This provides a way to run a command in a script non-interactively. I suspect if I bundle all the wp-cli commands that I need to run into a script that I call from the script I am running, I can call it from the su command and have it’s contents run as the intended user.

I still need to do some experimenting, but in my preliminary test of having it create a file with touch in the user’s home directory, it did create the file with the user and group of the intended user.

From here anyone with the same question should have what they need to create a script in a no user shell environment that properly runs with the user permissions. Obviously this is only relevant to service providers and self hosting, and not to people using shared hosting. If I run into any unexpected surprises in getting this to work, I will report back.

Telling me how I should be able to get a user shell after I stated that user shells are not available does not provide an answer to my question, nor a useable solution.

Does anyone know the answer to the question I quite directly asked?