We have following pattern in server management - all users do have their own user, but deploy is fully performed by special deploy user, without direct login possibility.
We used this method in Capistrano 2.x:
default_run_options[:shell] = "sudo -u deploy bash"
$ cap stage deploy -s user=thisisme
I'm aware that Capistrano 3.x has method to switch user directly:
task :install do
on roles(:all) do
as :deploy do
execute :whoami
end
end
end
But this code will fill all tasks, and default tasks will not inherit deploy user anyway. Is it ever possible to set up login user directly without dragging this code to each task?
Since I had received no proper answer and didn't got the idea myself, I decided to ask authors. Capistrano 3.x uses SSHKit to manage remote execution commands, and here's their answer:
You could try overriding the command map such that every command gets prefixed with the desired sudo string. https://github.com/capistrano/sshkit/blob/master/README.md#the-command-map
SSHKit.config.command_map = Hash.new do |hash, command|
hash[command] = "<<sudo stuff goes here>> #{command}"
end
The documentation says "this may not be wise, but it would be possible". YMMV
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With