Capistrano group and file permission best practices

3,017 views
Skip to first unread message

David Rice

unread,
Oct 27, 2006, 9:31:57 AM10/27/06
to capis...@googlegroups.com
Hi there,

In work we were discussing the issues we occasionally come across with deployments using capistrano, and wondered if there are any best practices to solve them.

We are getting problems with Group and File permissions that we're solving with the following two tasks... however we want to move to a single deployment user that can be shared across the development team, and we don't want to give that user sudo access. Any ideas out there?

Group Permissions
We have found that when deploying applications that a lot of the permission errors can be fixed by running the following;

desc "Change group to www-data"
task :chown_to_www-data, :roles => [ :app, :db, :web ] do
sudo "chown -R #{user}:www-data #{deploy_to}"
end


File Permissions
We have problems with the following folders, which are in subversion (with their contents ignored).
 
#{current_path}/tmp
#{current_path}/log
#{current_path}/public/system

desc "Fix file permissions"
task :fix_file_permissions, :roles => [ :app, :db, :web ] do
sudo "chmod -R g+rw #{current_path}/tmp"
sudo "chmod -R g+rw #{current_path}/log"
sudo "chmod -R g+rw #{current_path}/public/system"
end

Best,
David Rice

Jamis Buck

unread,
Oct 27, 2006, 10:41:33 AM10/27/06
to capis...@googlegroups.com
David,

The next release of Capistrano will do "chmod -R g+w" on the new
release during the update_code task, which should fix group
permissions issues. Regarding the second set of directories you
indicated, those directories are all explicitly removed and then
symlinked by Capistrano on each deploy. You should be able to fix
your permission issues once by chmoding the #{shared_path} and its
contents. After that, they won't change, since the shared directory
is not touched by the deploy process.

- Jamis

> --~--~---------~--~----~------------~-------~--~----~
> To unsubscribe from this group, send email to capistrano-
> unsub...@googlegroups.com
> For more options, visit this group at http://groups.google.com/
> group/capistrano
> -~----------~----~----~----~------~----~------~--~---
>

Reply all
Reply to author
Forward
0 new messages