fredistrano and php fcgi with suexec
7 views
Skip to first unread message
Edmunds Kalnins
May 9, 2009, 4:33:41 AM5/9/09
to fredistrano-discuss
Hi!
I've gotten tired of ftp-ing and rsync-ing manually and am currently
looking for a deployment mechanism for the wesites we develop and
maintain and fredistrano certainly looks like a good contender. I have
just one problem - for security reasons each of my project runs as a
separate user, using apache's suexec. That means that when rsyncing
manually I have to do sudo su userowningroject and then do rsync. What
do you think - would it be possible either to customize fredistrano or
to set up some very limited passwordless sudo for fredistrano user to
achieve this?
An another question that I couldn't find in the wiki - in case of
something going wrong with a new version aof a website - is there a
mechanism to quickly rollback to the previos version?
Thanks,
Edmunds
I've gotten tired of ftp-ing and rsync-ing manually and am currently
looking for a deployment mechanism for the wesites we develop and
maintain and fredistrano certainly looks like a good contender. I have
just one problem - for security reasons each of my project runs as a
separate user, using apache's suexec. That means that when rsyncing
manually I have to do sudo su userowningroject and then do rsync. What
do you think - would it be possible either to customize fredistrano or
to set up some very limited passwordless sudo for fredistrano user to
achieve this?
An another question that I couldn't find in the wiki - in case of
something going wrong with a new version aof a website - is there a
mechanism to quickly rollback to the previos version?
Thanks,
Edmunds
Message has been deleted
fred
May 10, 2009, 2:29:09 AM5/10/09
to fredistrano-discuss
Hi Edmunds,
Sorry but I don't know apache suexec.
With Fredistrano, It's possible to execute customs scripts at the
beginning and at the end of the deployment process,
you will find an example here : http://code.google.com/p/fredistrano/wiki/DeploymentScripts
May be you can try to switch user with these scripts "su ...."
For your second question, you can deploy a specific version number
(see 4.2.2 Project deployment step 3), so can you deploy a previous
version.
Regards,
Frederic
Sorry but I don't know apache suexec.
With Fredistrano, It's possible to execute customs scripts at the
beginning and at the end of the deployment process,
you will find an example here : http://code.google.com/p/fredistrano/wiki/DeploymentScripts
May be you can try to switch user with these scripts "su ...."
For your second question, you can deploy a specific version number
(see 4.2.2 Project deployment step 3), so can you deploy a previous
version.
Regards,
Frederic
Edmunds Kalnins
May 11, 2009, 8:15:52 AM5/11/09
to fredistrano-discuss
> Sorry but I don't know apache suexec.
It just means that each website runs under it's own user, not "apache"
or "www-data". One benefit of this also is that you don't need 777
permissions for tmp and upload.
> With Fredistrano, It's possible to execute customs scripts at the
> beginning and at the end of the deployment process,
> you will find an example here :http://code.google.com/p/fredistrano/wiki/DeploymentScripts
> May be you can try to switch user with these scripts "su ...."
instead of command being
rsync /from/here /to/there
its
sudo -u otheruser rsync /from/here /to/there
but the more I think about this, the more it seems like not the
problem of Fredistrano but of my server setups, so ill look fore some
other way to solve this problem.
> For your second question, you can deploy a specific version number
> (see 4.2.2 Project deployment step 3), so can you deploy a previous
> version.
http://blog.matsimitsu.nl/cakephp/222/deploying-a-cakephp-app-with-capistrano
where the latest few releases are kept on the production server, so
switching takes a millisecond instead of a minute or two (or even much
longer, if you have to search for the revision number) ... maybe you
can add this to wishlist
Reply all
Reply to author
Forward
0 new messages