Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Capistrano using sudo even with "set :use_sudo, false"

Tags:

sudo

ruby-on-rails-3

capistrano

rvm-capistrano

I do not wish to use sudo for any of my remotely executed commands via Capistrano. Specifically, when I run cap deploy:setup, I'm asked for my sudo password during the first mkdir command. I added set :use_sudo, false to my deploy.rb file, but this did not make a difference.

I started with a fairly complete deploy.rb file, but whittled it down once I started having issues. Here is my minimal version that still shows use_sudo not being respected:

# App Definitions

set :domain, '[server-ip]'
role :app, domain
role :web, domain
role :db, domain, :primary => true

set :user, "my_app"
set :use_sudo, false

task :sudo_test do
  run "#{try_sudo} whoami"
end

running cap sudo_test results in me being prompted for my sudo password. What am I missing here (besides the hair I've already pulled out)?

Google Findings

https://groups.google.com/forum/?fromgroups#!topic/capistrano/QNYnvW8obrg

A thread with someone having a similar issue. No conclusion/resolution noted in the thread.

like image 808
YWCA Hello Avatar asked May 25 '12 21:05

YWCA Hello

2 Answers

For anyone else who runs into this issue and is a fool like me. Make sure you arn't quoting false. I had:

set :use_sudo, "false"

and when I switched it to

set :use_sudo, false

most things started working the way I expected. As YWCA Hello points out there are still commands that ignore the use_sudo setting. However, don't forget to set it correctly.

like image 198
Dan Green Avatar answered Sep 21 '22 14:09

Dan Green

Apparently, it is not possible to disable sudo functionality with certain capistrano tasks. The assumption is that the unprivileged user on the server should not be able to carry out certain tasks.

The command in question is mkdir. I'd argue that an unprivileged user should be able to run this command if the parent folder is one that they have permission to do so for. I'd also argue that the user may in fact be a privileged user, such as root. Best practice? Not necessarily. Within the realm of reason for certain deployments, yes.

Here is the link to the response to my original question:

https://github.com/capistrano/capistrano/issues/211#issuecomment-7667467

like image 20
YWCA Hello Avatar answered Sep 17 '22 14:09

YWCA Hello
Sign in to Comment

Related questions

Rails 3 Cocoon link_to_add_association Renders Partial Twice
Get first N characters from string without cutting the whole words
Need to use add_index on migration for belongs_to/has_many relationship? (Rails 3.2, Active Record)
Add model administration to Active Admin - Rails 3
How do you use the "LIKE" query for jsonb column types in PostgreSQL?
Ideal Rails Server
counter_cache in single table inheritance
Default value not populating in migration with Rails and Postgresql
Devise: authentication_token column in user model is null
unscope only the order statements
OmniAuth doesn't work with Route Globbing in Rails3
Why is ActiveRecord::Base#update_attributes deprecated?
Rails3 SQL logging output in a separate file
Rails: is there a way to tell the source of the request?
Ruby/Rails: Converting a range into a hash
Rails how to change attribute name when rendering json?
What is the link_to path to a non-resourceful route?
Rails can't modify frozen string
Specify SSL for Heroku external MySQL database connection
How do I change a string column into a bigint?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!