
Handling shared/tmp in a Ruby on Rails project when the deploy user is different than the run user

I have two users on my server, an Ubuntu 12.04 virtual server that I manage myself:

  • projectx is used to deploy the application and is the user/group for most files in /var/www/projectx
  • projectx_rails is used to run the Rails application. That way, the running Rails application doesn't have access to modify the source code.

Some directories, like public/uploads, are configured to belong to projectx_rails:projectx_rails, so that the rails app can write the uploaded files.

My problem comes to the directory tmp. This directory is located in /var/www/projectx/shared and linked to each release in the usual capistrano way of handling releases. The problem is that some files created during deployment are then not writable by the running rails app and files created by the rails app are not writable by the deployment process.

Is there a way to handle this? Having all the files there belong to projectx_rails:projectx_rails and be group writable would be good enough, but I'm not sure how to trigger this.

I'm using: Capistrano 3, Rails 3.2, Ruby 2.1.2, Unicorn 4.8.3, nginx.

pupeno asked May 27 '14 09:05


3 Answers

Well, this is my theory. It is obviously hard to test on my end, so consider it conjecture.

First: make a group that both users belong to. Like projectx_shared.

Second: make this group the group owner of the tmp directory:

chown projectx_rails:projectx_shared tmp

Third: set the setgid bit on this directory:

chmod g+s tmp

Now, the group owner of files added to tmp should be set to projectx_shared automatically. I think this will apply to capistrano tasks as well.

I'm assuming that when you deploy, files already get rw-rw-r-- permissions automatically. If not, you'll need to set your umask to 002 in, e.g., your .bashrc as well.

Let me know if it works...

gwcoffey answered Oct 24 '22 11:10
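
An added example, not part of gwcoffey's answer: a shell check for the shared-group setup described above, which reports entries under the shared tmp directory that break it (wrong group, directory without setgid, no group write) and can reset them. The function names `audit_shared_tmp` and `repair_shared_tmp` are hypothetical; the group name comes from the answer and the path from the question.

```shell
#!/bin/sh
# Constructed helpers (hypothetical names) for a tmp tree shared by a deploy
# user and a run user through one common group, e.g. projectx_shared.

# audit_shared_tmp DIR GROUP
# Prints one line per finding; returns 1 if anything was found, else 0.
audit_shared_tmp() {
    dir=$1
    group=$2
    findings=$(
        # Entries owned by another group: the other user falls into "other".
        find "$dir" ! -group "$group" -exec printf 'wrong-group %s\n' {} \;
        # Directories without setgid: new entries get the creator's primary
        # group instead of inheriting the shared one.
        find "$dir" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;
        # Entries the group cannot write, typically created under umask 022.
        find "$dir" ! -type l ! -perm -020 \
            -exec printf 'not-group-writable %s\n' {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# repair_shared_tmp DIR GROUP
# Needs to run as the owner of the files (and a member of GROUP) or as root.
repair_shared_tmp() {
    dir=$1
    group=$2
    chgrp -R "$group" "$dir"
    find "$dir" -type d -exec chmod g+rwxs {} +
    find "$dir" -type f -exec chmod g+rw {} +
}

# Example (path from the question, group name from the answer):
#   audit_shared_tmp /var/www/projectx/shared/tmp projectx_shared
# Both the deploy shell and the Unicorn process still need umask 002,
# otherwise new files keep appearing as not-group-writable.
```
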


Maybe use ACLs for the shared files? The only thing needed is to enable ACL support in fstab.

setfacl -m d:u:projectx:rwx,u:projectx:rwx,\
d:u:projectx_rails:rwx,u:projectx_rails:rwx /var/www/projectx/shared/tmp

Vakiliy answered Oct 24 '22 12:10


You can run commands on the remote machine through Capistrano. You could run a directory owner change after, let's say, symlinking the application.

In your deploy.rb file, add a callback for it:

after 'deploy:create_symlink' do
  run "chown -R projectx_rails:projectx_rails #{current_release}/tmp"
end

Fer answered Oct 24 '22 13:10