Permissions on server
157 views
Skip to first unread message
JDS
Aug 19, 2008, 11:58:51 AM8/19/08
to Capistrano
This is my first run through with Capistrano (v2.4.3) , so I've
followed the instructions (in "Deploying Rails Applications") and It
Doesn't Work (tm).
What's killing me is that "cap deploy:setup" creates the basic
directory structure using sudo, but then when I "cap deploy" it
doesn't bother with sudo and hence errors out saying "can't create the
directory". I get the same problem whether I use the default /u/apps/
#{application} or /home/#{user}/someplace-else.
There's an earlier thread mentioning the same problem, and the given
solution is to add "set use_sudo, :false" to deploy.rb
Which is fine if it works, but if you can never get anything to work
without this setting why is use_sudo defaulting to :true?
Either things have evolved since the instructions in "Deploying Rails
Applications" was printed or I'm missing something extremely obvious.
My setup is;-
Client server, used for development, and hosting svn. SSH to local
network staging server with a different username and password. If I
manually SSH to the staging server then I can svn export the bits I
need perfectly OK.
So I know the only problem is the permissions set up on the root
directories created by "cap deploy:setup". Should I edit the
permissions? If I have to edit them then why are they set up the way
they are? Why can't I just do "cap deploy:setup" followed by "cap
deploy"?
All comments appreciated
John Small
followed the instructions (in "Deploying Rails Applications") and It
Doesn't Work (tm).
What's killing me is that "cap deploy:setup" creates the basic
directory structure using sudo, but then when I "cap deploy" it
doesn't bother with sudo and hence errors out saying "can't create the
directory". I get the same problem whether I use the default /u/apps/
#{application} or /home/#{user}/someplace-else.
There's an earlier thread mentioning the same problem, and the given
solution is to add "set use_sudo, :false" to deploy.rb
Which is fine if it works, but if you can never get anything to work
without this setting why is use_sudo defaulting to :true?
Either things have evolved since the instructions in "Deploying Rails
Applications" was printed or I'm missing something extremely obvious.
My setup is;-
Client server, used for development, and hosting svn. SSH to local
network staging server with a different username and password. If I
manually SSH to the staging server then I can svn export the bits I
need perfectly OK.
So I know the only problem is the permissions set up on the root
directories created by "cap deploy:setup". Should I edit the
permissions? If I have to edit them then why are they set up the way
they are? Why can't I just do "cap deploy:setup" followed by "cap
deploy"?
All comments appreciated
John Small
Andrew Fiedler
Aug 24, 2008, 1:36:14 AM8/24/08
to Capistrano
Hi John,
I've run into the exact same problem with Capistrano 2.4.3. Without
"set :use_sudo, false" Capistrano creates all files and directories
owned by the root user. This is causes major issues with running "cap
deploy" because a normal user can't svn export to these folders and
all "cap deploy" commands will fail with permissions errors.
Also I've noticed that Capistrano will try to use && and parenthesis
to run both the svn export and a echo command to create the REVISIONS
file like this:
command "svn checkout -q -r20 https://svn.mysite.com/repos/trunk/ /
home/site/releases/20080824041856 && (echo 20 > /home/site/releases/
20080824041856/REVISION)"
This will NOT work even if capistrano is appending sudo in front of
"svn checkout" because everything after && will be executed as the
normal user, causing the command to fail. (Just try running "sudo
whoami && whoami").
Additionally, this could be a security issue with users running their
sites on mod_rails (Passenger). I believe mod_passenger will run spawn
rails processes as whatever user owns "environment.rb" (which in this
case would be root). I bet (hope) there are checks in mod_rails to
prevent this, but in any case the rails processes probably won't be
run as the correct user.
Capistrano seems to work fine with "set :use_sudo, false". To fix
this, I deleted everything (files/directories) created by capistrano
and then "set :use_sudo, false" in deploy.rb and re-ran "cap
deploy:setup" and "cap deploy:cold".
Hope that helps someone. Probably should add this to the documentation
because I bet many users will have the same problem.
-Andrew Fiedler
I've run into the exact same problem with Capistrano 2.4.3. Without
"set :use_sudo, false" Capistrano creates all files and directories
owned by the root user. This is causes major issues with running "cap
deploy" because a normal user can't svn export to these folders and
all "cap deploy" commands will fail with permissions errors.
Also I've noticed that Capistrano will try to use && and parenthesis
to run both the svn export and a echo command to create the REVISIONS
file like this:
command "svn checkout -q -r20 https://svn.mysite.com/repos/trunk/ /
home/site/releases/20080824041856 && (echo 20 > /home/site/releases/
20080824041856/REVISION)"
This will NOT work even if capistrano is appending sudo in front of
"svn checkout" because everything after && will be executed as the
normal user, causing the command to fail. (Just try running "sudo
whoami && whoami").
Additionally, this could be a security issue with users running their
sites on mod_rails (Passenger). I believe mod_passenger will run spawn
rails processes as whatever user owns "environment.rb" (which in this
case would be root). I bet (hope) there are checks in mod_rails to
prevent this, but in any case the rails processes probably won't be
run as the correct user.
Capistrano seems to work fine with "set :use_sudo, false". To fix
this, I deleted everything (files/directories) created by capistrano
and then "set :use_sudo, false" in deploy.rb and re-ran "cap
deploy:setup" and "cap deploy:cold".
Hope that helps someone. Probably should add this to the documentation
because I bet many users will have the same problem.
-Andrew Fiedler
Donovan Bray
Aug 25, 2008, 10:37:56 AM8/25/08
to capis...@googlegroups.com
I use passenger and by default it does execute as the owner of
environment.rb. I deploy everything with capistrano as root. I have a
task that creates a system user that matches the application name;
then use a before start and restart task to chown the deploy_to
location as the system user.
environment.rb. I deploy everything with capistrano as root. I have a
task that creates a system user that matches the application name;
then use a before start and restart task to chown the deploy_to
location as the system user.
Reply all
Reply to author
Forward
0 new messages