Capistrano Best Practices: Users + Permissions


Mark Dodwell

May 8, 2008, 11:04:30 AM
to rubyonrails...@googlegroups.com
Hello!

What would people recommend for a best practice Capistrano config,
specifically re: users and permissions? My current config is something
like:

- Have a non-root user set up on my remote box (which is the web, app +
db server) - who is a sudoer
- Have a group 'deployers' to which that account belongs
- The root user owns the deploy_to parent directory, but the group owner
is 'deployers' and that directory has 775 permissions.
- The deploy script uses ssh_agent forwarding to allow it to check out
the code from another server which is the SVN repository
- The deploy script runs as the non-root user
- The use_sudo is true (the capistrano default) and sudo is used to
restart the mongrel cluster and nginx webserver (there are other apps on
the server too)

Any feedback on this setup -- how are other people doing it?

Cheers,

~ Mark
--
Posted via http://www.ruby-forum.com/.

Jamis Buck

May 8, 2008, 5:26:23 PM
to rubyonrails...@googlegroups.com
That looks pretty much like how I do things, for whatever that's
worth. :)

- Jamis

Tom Copeland

May 10, 2008, 10:29:51 AM
to rubyonrails...@googlegroups.com

On Thu, 2008-05-08 at 17:04 +0200, Mark Dodwell wrote:
> Hello!
>
> What would people recommend for a best practice Capistrano config,
> specifically re: users and permissions? My current config is something
> like:
>
> - Have a non-root user set up on my remote box (which is the web, app +
> db server) - who is a sudoer
> - Have a group 'deployers' to which that account belongs
> - The root user owns the deploy_to parent directory, but the group owner
> is 'deployers' and that directory has 775 permissions.
> - The deploy script uses ssh_agent forwarding to allow it to check out
> the code from another server which is the SVN repository

I prefer using "deploy_via copy", but other than that, this looks good
to me...

Yours,

tom
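
An added example, not part of any post in this thread: a Ruby check that compares a deploy_to parent directory with the layout from the original post (owner root, group 'deployers', mode 775). The function and helper names are assumptions made for illustration, and the demo runs against a constructed temporary directory.

```ruby
require "etc"
require "tmpdir"

# Resolve ids to names; fall back to the number when the id has no entry
# (Etc raises ArgumentError in that case, e.g. inside minimal containers).
def uid_name(uid)
  Etc.getpwuid(uid)&.name || uid.to_s
rescue ArgumentError
  uid.to_s
end

def gid_name(gid)
  Etc.getgrgid(gid)&.name || gid.to_s
rescue ArgumentError
  gid.to_s
end

# Compare a deploy_to parent directory with the layout from the thread:
# owner root, group 'deployers', mode 775. Returns a list of findings;
# an empty list means the directory matches.
def audit_deploy_dir(path, owner: "root", group: "deployers", mode: 0o775)
  st = File.stat(path)
  return ["#{path} is not a directory"] unless st.directory?

  perms = st.mode & 0o7777 # permission bits plus setuid/setgid/sticky
  actual_owner = uid_name(st.uid)
  actual_group = gid_name(st.gid)
  findings = []
  findings << "owner is #{actual_owner}, expected #{owner}" unless actual_owner == owner
  findings << "group is #{actual_group}, expected #{group}" unless actual_group == group
  findings << format("mode is %o, expected %o", perms, mode) unless perms == mode
  findings << "world-writable: any local account can alter releases" if (perms & 0o002) != 0
  findings << "group cannot write: members of #{group} cannot deploy" if (perms & 0o020) == 0
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo: a temporary directory stands in for the deploy_to parent.
  Dir.mktmpdir do |dir|
    File.chmod(0o777, dir)
    puts audit_deploy_dir(dir)
  end
end
```

Run it on the server against the real deploy_to parent, for example `audit_deploy_dir("/path/to/apps")` (placeholder path), to confirm the directory has not drifted from the intended ownership and mode.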

