
Capistrano deployment with common user

I'm trying to set up Capistrano to do our deployments, but I now stumbled upon what seems to be a common assumption of Capistrano users: that the user you SSH to the remote host as will have permission to write to the directory of deployment.

Here, administrators are common users with a single distinction: they can sudo. At first, I thought that would be enough, since there are some configurations related to sudo, but it seems that's not the case after all.

Is there a way around this? Creating a user shared by everyone doing deployment is not an acceptable solution.

Edit: to make it clear, no deploy action should happen without calling sudo -- that's the gateway point that checks whether the user is allowed to deploy or not, and it should be a mandatory checkpoint.

The presently accepted answer does not fit that criterion. It goes around sudo by granting extra permissions to the user. I'm accepting it anyway because I've come to the conclusion that Capistrano is fundamentally broken in this regard.

Daniel C. Sobral asked Apr 18 '12 20:04


1 Answer

I assume you are deploying to a Linux distro. The easiest way to resolve your issue is to create a group, say, deployers, and add each user who should have the permissions to deploy to that group. Once the group is created and the users are in the group, change the ownership and permissions on the deployment path.

Depending on the distro, the syntax will vary slightly. Here it is for Ubuntu/Debian:

Create the group:

$ sudo groupadd deployers

Add users to group:

$ sudo usermod -a -G deployers daniel

The last argument there is the username.

Next, update the ownership of the deployment path:

$ sudo chown -R root:deployers /deploy/to/path/

The syntax for the ownership argument is user:group. Here I am assuming that the user that currently owns the path is root. Update to whichever user should own the directory.

Finally, change the permissions on the deployment path:

$ sudo chmod -R ug+rwX,o-w /deploy/to/path/

That will allow users in the deployers group to read and write all files and directories beneath /deploy/to/path.

jarrad answered Sep 21 '22 04:09
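
An added example, not part of the answer above: a POSIX shell audit for a group-shared deployment path that reports world-writable entries, directories the group cannot enter and write to, and directories missing setgid, plus a repair step. The function names are hypothetical, and the setgid check goes beyond what the answer covers, on the assumption that new release directories should inherit the deploy group.

```shell
#!/bin/sh
# Added example: audit and repair permissions on a group-shared deploy tree.
# Function names are hypothetical; pass the deployment path as the argument.

# Entries that any local account can modify (other-write bit set).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Directories where the owning group lacks write or search (x) permission.
# Without g+x, group members cannot create or open files inside the
# directory, even when g+w is set.
group_blocked_dirs() {
    find "$1" -type d ! -perm -0030 -print
}

# Directories without setgid: files created there take the creator's
# primary group instead of the deploy group.
missing_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Print every problem path once; return 0 only when the tree is clean.
audit_tree() {
    problems=$( { world_writable "$1"; group_blocked_dirs "$1"; \
                  missing_setgid "$1"; } | sort -u )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Repair: owner and group get rw (plus x on directories), others lose
# write, and directories get setgid so new files inherit the group.
fix_tree() {
    chmod -R ug+rwX,o-w "$1" &&
    find "$1" -type d -exec chmod g+s {} +
}

# Audit the path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Run the audit after every permission change on the deployment path; a non-zero exit status means at least one path was printed.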