permission denied when executing "sftp upload..." in cap deploy

1,041 views
Skip to first unread message

Chou Chiang

unread,
Sep 4, 2013, 3:40:42 AM9/4/13
to capis...@googlegroups.com
Hi All,

I meet a permission problem in the process of deploying jekyll to my production server(Ubuntu 12.04 LTS). Here's what I'm getting in response to "cap deploy".

  * 2013-09-04 06:58:23 executing `deploy'
  * 2013-09-04 06:58:23 executing `deploy:update'
    triggering before callbacks for `deploy:update'
  * 2013-09-04 06:58:23 executing `deploy:update_jekyll'
 ** transaction: start
  * 2013-09-04 06:58:23 executing `deploy:update_code'
  * getting (via checkout) revision  to /home/lee/blog/20130904065823
    executing locally: cp -R _site /home/lee/blog/20130904065823
    command finished in 2ms
  * Compressing /home/lee/blog/20130904065823 to /home/lee/blog/20130904065823.tar.gz
    executing locally: tar czf 20130904065823.tar.gz 20130904065823
    command finished in 3ms
    servers: ["zh****by.com"]
Password:
 ** sftp upload /home/lee/blog/20130904065823.tar.gz -> /tmp/20130904065823.tar.gz
    [zh****by.com] /tmp/20130904065823.tar.gz
*** upload via sftp failed on zh***by.com: Net::SFTP::StatusException (Net::SFTP::StatusException open /tmp/20130904065823.tar.gz (3, "permission denied"))
*** [deploy:update_code] rolling back
  * executing "rm -rf /home/lee/apps/blog/releases/20130904065823; true"
    servers: ["zh****by.com"]
    [zh****by.com] executing command
    command finished in 4ms
upload via sftp failed on zh****by.com: Net::SFTP::StatusException (Net::SFTP::StatusException open /tmp/20130904065823.tar.gz (3, "permission denied"))

It seems that this is because sftp have no permission to access /tmp directory.And This can be solved by chmod -R 777 tmp/ . However, I don't think it's a good idea for every to have full control of /tmp directory.
So what can I do to solve this problem?

BTW, I am particularly interested in understanding the permission of Linux. For example, why 'cp' have no permission to access the /tmp directory after I change the owner of /tmp to current user?
I deeply appreciate the people who can teach me something about that.

Thank you very much!

Lee Hambley

unread,
Sep 4, 2013, 5:46:06 AM9/4/13
to capistrano
You should not change the permissions on /tmp, or the ownership. By default /tmp is writable by all users, if that's not true on your system, you either have some obscure security settings (selinux, apparmor??) or you have broken something.

Please check with the community/support of your distribution.

--
--
* You received this message because you are subscribed to the Google Groups "Capistrano" group.
* To post to this group, send email to capis...@googlegroups.com
* To unsubscribe from this group, send email to capistrano+...@googlegroups.com For more options, visit this group at http://groups.google.com/group/capistrano?hl=en
---
You received this message because you are subscribed to the Google Groups "Capistrano" group.
To unsubscribe from this group and stop receiving emails from it, send an email to capistrano+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Donovan Bray

unread,
Sep 4, 2013, 11:56:04 AM9/4/13
to capis...@googlegroups.com
chmod -R 777 tmp/ 

tmp/ != /tmp

Be careful using relative directory names. 

It's unlikely that if /tmp is not world writeable you'll have the necessary privs to change it unless you are the one that changed its permissions to begin with; which would have been a mistake. 

You shouldn't mess with ownership of /tmp itself. 


I suspect you have damaged permissions of the /tmp directory and/or possibly chrooted or otherwise misconfigured your sftp configuration. You can try setting the strategy to use :via => :scp and see if you get different results. 

I'm unfamiliar with setting the default copy method with other strategies because I've never had the occasion to use a copy strategy but I know it can be overridden. 
--

Donovan Bray

unread,
Sep 4, 2013, 10:22:49 PM9/4/13
to capis...@googlegroups.com
If you want to FIX the problem both Lee and I have pointed you in the right direction based on the information you've given. 

If you want to LEARN Linux then nothing beats doing an LFS installation. 


I did it many years ago and it answered a ton of 'Why? Questions' that I benefit from even today.

It will give you names for patterns you've seen but never knew and give you the reasons why it is that way. 
It will give you a new appreciation for package management, and the hard work packagers contribute. 
It will give you a new appreciation for the excellent mature distributions we have available to us now. 
I guarantee you won't be afraid to compile apps from source anymore. 

If you want to learn more after doing LFS, install the following distributions in different vms and get used to them and their differences. 

Try setting up your application on each one of them. 

net-bsd or free-bsd
Redhat or fedora
Debian or Ubuntu 
Gentoo

Gentoo is a lot of fun but I don't use it in production nor would I use LFS, but as learning tools they are excellent. 

Good luck. 

On Sep 4, 2013, at 12:40 AM, Chou Chiang <jz.b...@gmail.com> wrote:

Hi All,

I meet a permission problem in the process of deploying jekyll to my production server(Ubuntu 12.04 LTS). Here's what I'm getting in response to "cap deploy".

  * 2013-09-04 06:58:23 executing `deploy't

--
Reply all
Reply to author
Forward
0 new messages