Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Permanently switching user in Capistrano 3 (separate authorization & deploy)

We have following pattern in server management - all users do have their own user, but deploy is fully performed by special deploy user, without direct login possibility.

We used this method in Capistrano 2.x:

default_run_options[:shell] = "sudo -u deploy bash"

$ cap stage deploy -s user=thisisme

I'm aware that Capistrano 3.x has method to switch user directly:

task :install do
    on roles(:all) do
        as :deploy do
            execute :whoami
        end
    end
end

But this code will fill all tasks, and default tasks will not inherit deploy user anyway. Is it ever possible to set up login user directly without dragging this code to each task?

like image 476
Meredian Avatar asked Jun 25 '14 04:06

Meredian


1 Answers

Since I had received no proper answer and didn't got the idea myself, I decided to ask authors. Capistrano 3.x uses SSHKit to manage remote execution commands, and here's their answer:

You could try overriding the command map such that every command gets prefixed with the desired sudo string. https://github.com/capistrano/sshkit/blob/master/README.md#the-command-map

SSHKit.config.command_map = Hash.new do |hash, command|
  hash[command] = "<<sudo stuff goes here>> #{command}"
end

The documentation says "this may not be wise, but it would be possible". YMMV

like image 157
Meredian Avatar answered Nov 16 '22 03:11

Meredian