Deploying Capistrano with a regular user

I am trying to configure Capistrano to perform our deployments, but I have come across what seems to be a common assumption among Capistrano users: the user you SSH to the remote host as will have write permission to the deployment directory.

Here, administrators are regular users with only one difference: they can sudo. At first I thought that would be enough, since there are some configuration options related to sudo, but it seems that it is not.

Is there any way around this? Creating a user used by everyone who does the deployment is not an acceptable solution.

Edit: to make this clear, the deployment action should not occur without calling sudo - that is the gateway point that checks whether the user is allowed to deploy or not, and should be a mandatory checkpoint.

The currently accepted answer does not meet these criteria. It works around sudo by granting additional permissions to the user. I am accepting it anyway, because I have come to the conclusion that Capistrano is fundamentally broken in this regard.

+7
1 answer

I assume you are deploying to a Linux distribution. The easiest way to solve your problem is to create a group, say deployers, and add each user who must have permission to deploy to this group. Once the group is created and the users are in it, change the ownership and permissions of the deployment path.

The syntax will be slightly different depending on the distribution. Here it is for Ubuntu/Debian:

Create a group:

$ sudo groupadd deployers

Add users to the group:

$ sudo usermod -a -G deployers daniel

The last argument is the username.

Then update the ownership of the deployment path:

$ sudo chown -R root:deployers /deploy/to/path/

The syntax is owner:group. Here I assume that the user who owns this path is root. Update it to whichever user should own the path.

Finally, change the permissions on the deployment path:

$ sudo chmod -R 0766 /deploy/to/path/

This will allow users of the deployers group to read and write all files and directories under /deploy/to/path

+19
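Added example, not part of the original answer: a shell check of what a recursive chmod -R 0766 produces on a deployment tree, next to a symbolic-mode alternative with setgid directories. The temporary tree, the function names and the alternative mode are assumptions made for illustration; on a real host the tree would be /deploy/to/path with group deployers.

```shell
#!/bin/sh
# Constructed sample tree under a temp dir, standing in for /deploy/to/path.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/releases/1/bin"
    echo 'echo ok'    > "$root/releases/1/bin/run.sh"
    echo 'key: value' > "$root/releases/1/config.yml"
    printf '%s\n' "$root"
}

# Audit helpers: each prints a count of entries with the named problem.
# Directories without the group x bit cannot be entered by group members.
untraversable_dirs()  { find "$1" -type d ! -perm -0010 | wc -l | tr -d ' '; }
# Entries with the "other" w bit are writable by every local account.
world_writable()      { find "$1" -perm -0002 | wc -l | tr -d ' '; }
# Directories without setgid do not pass their group on to new files.
dirs_without_setgid() { find "$1" -type d ! -perm -2000 | wc -l | tr -d ' '; }

# The numeric mode from the answer, applied recursively.
apply_0766() { chmod -R 0766 "$1"; }

# Assumed alternative: symbolic modes. Capital X adds the execute bit to
# directories (and already-executable files) only; "other" loses write;
# setgid on directories keeps files from later deploys in the same group.
apply_hardened() {
    chmod -R u=rwX,g=rwX,o=rX "$1"
    find "$1" -type d -exec chmod g+s {} +
}

# Run both variants on fresh trees and report what the audit finds.
for fix in apply_0766 apply_hardened; do
    t=$(make_tree)
    "$fix" "$t"
    echo "$fix: untraversable_dirs=$(untraversable_dirs "$t")" \
         "world_writable=$(world_writable "$t")" \
         "dirs_without_setgid=$(dirs_without_setgid "$t")"
    rm -rf "$t"
done
```

The three find expressions can be pointed at an existing deployment path to audit it without changing anything.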