Capistrano deployment with use_sudo=true - permissions problem

I am trying to do a deployment with Capistrano to a newly installed Ubuntu server.
I am deploying to the directory /var/www, owned by root, so I need to set use_sudo to true.
While I execute commands with run "#{try_sudo} command" without problem, svn checkout doesn't work with the sudo prefix.
I try
set :deploy_via, :export
and it throws
Can't make directory '/var/www/pr_name/releases/20091217171253': Permission denied
during checkout.
I imagine adding the "try_sudo" prefix to "svn export" would help, but where can I edit the one it uses in deploy_via?
--
If, on the other hand, I don't use use_sudo and set the /var/www/ directory ownership to myuser, I still cannot deploy - some of my deployment commands set folder ownership to the Apache user www-data and then I get something like:
changing ownership of `/var/www/pr_name/current/specificdirectory': Operation not permitted
which, if I understand correctly, has to be done with sudo.

Using the sudo helper solved the problem.
Here is an example:
run "#{sudo} chown root:root /etc/my.cnf"

Try cap deploy:setup

Related

Error: EACCES: permission denied, only in VSCode using Remote SSH

I can find plenty of references to this error, but they all point to permission issues, however my permissions appear to be fine as I can modify this folder using nano and SSH.
I'm trying to use RemoteSSH with a custom user account, user.
The server is running Debian 11 and nginx.
I have key based auth and I connect to the server. When I try to create or remove a file in the web folder (/var/www/html) I get this error message Error: EACCES: permission denied, <what I was trying to do, i.e. rename a file, or delete a file>
I can do all of these things using a standard SSH connection (openSSH built in to Windows 10)
The owner of /var/www/ is set to www-data (recursively)
user is a member of the group www-data
Do I need to do anything in VSCode to update permissions? Am I missing something else?
Here are the exact commands I used:
sudo adduser user www-data
sudo chown -R www-data:www-data /var/www
sudo chmod -R 0775 /var/www
OK I did a bit more Googling right after posting this, and I was able to fix this by deleting the .vscode-server folder in the home directory.
https://github.com/microsoft/vscode-remote-release/issues/3399#issuecomment-922935448
I'm not sure if there is an easier way to fix this without doing so, or having to do that every time permissions are changed.

Does chef overwrite file owners when deploying? Can it be avoided?

I have a chef cookbook for deploying our webapp, there are some folders and files that need to be created and owned by www-data:www-data. When deploying the application I'm doing it by using the chef's deploy command like this in my deploy.rb recipe:
deploy "#{app_dir}" do
  repository tmp_dir
  user "root"
  group "root"
  environment app[:environment]
  symlink_before_migrate({})
end
And then the creation and permission set for those files and folders are done in the before_symlink.rb script like this:
execute "ensure correct owner of storage folder" do
  command "chown -R www-data:www-data #{release_path}/storage"
end
I've been debugging and I've checked this:
chown is executed, and the user exists, I can see it in the chef logs.
If I execute a sleep command right at the end of the before_symlink and then ssh into the machine I can see in the storage folder that the folder is owned by www-data as I wish.
If I execute a sleep command right after the deploy command on deploy.rb and then ssh to the machine, now the release folder will be linked to the current folder, and every file and folder will be owned by root:root causing permission errors.
So it seems that at the end of the deploy chef seems to overwrite the owner for every deployed file to the user making the deploy. Is this true? Is there any way to keep files and folders with the owner set on before_symlink.rb?
Really really don't use the deploy resource. What you want is probably a git resource, and its user property.

cap deploy:setup creates the release folder with root as owner

I am using Capistrano to deploy my Rails application on an Ubuntu server.
I already logged into the server and created a folder /webapps/myapp, but no sub folders from here.
Then I run
cap deploy:setup
No errors so far, so I run
cap deploy:setup
Now I get this message
You do not have permissions to write to /webapps/myapp/releases
I can get around this by logging in to the server and changing the owner of releases. I just wonder why it is not created with the user I use for deploying? Is this how it works or am I missing something?
In your deploy.rb file you should specify the deployment user and if he has sudo privilege.
set :user, "william"
set :use_sudo, false
Giving sudo privilege isn't recommended, but this option exists.
The directory to which you deploy should be already owned by the deployment user "william"

Capistrano deployment with common user

I'm trying to set up Capistrano to do our deployments, but I have now stumbled upon what seems to be a common assumption of Capistrano users: that the user you SSH to the remote host as will have permission to write to the deployment directory.
Here, administrators are common users with a single distinction: they can sudo. At first, I thought that would be enough, since there are some configurations related to sudo, but it seems that's not the case after all.
Is there a way around this? Creating a user shared by everyone doing deployment is not an acceptable solution.
Edit: to make it clear, no deploy action should happen without calling sudo -- that's the gateway point that checks whether the user is allowed to deploy or not, and it should be a mandatory checkpoint.
The presently accepted answer does not fit that criteria. It goes around sudo by granting extra permissions to the user. I'm accepting it anyway because I've come to the conclusion that Capistrano is fundamentally broken in this regard.
I assume you are deploying to a Linux distro. The easiest way to resolve your issue is to create a group, say, deployers, and add each user who should have the permissions to deploy to that group. Once the group is created and the users are in the group, change the ownership and permissions on the deployment path.
Depending on the distro, the syntax will vary slightly. Here it is for ubuntu/debian:
Create the group:
$ sudo groupadd deployers
Add users to group:
$ sudo usermod -a -G deployers daniel
The last argument there is the username.
Next, update the ownership of the deployment path:
$ sudo chown -R root:deployers /deploy/to/path/
The syntax for is :. Here I am assuming that the user that currently owns the path is root. Update to which ever user should own the directory.
Finally, change the permissions on the deployment path:
$ sudo chmod -R 0766 /deploy/to/path/
That will allow users in the deployers group to read and write all files and directories beneath /deploy/to/path
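Added example (not part of the original answer): a shell check of what recursive modes do to a deployment tree, run on a constructed throwaway tree. It counts world-writable entries and directories that group members cannot enter after `chmod -R 0766`, then after setting directories to 2775 and files to 0664; the function names, the tree layout and the 2775/0664 alternative are assumptions of this example.

```shell
#!/bin/sh
# Added example: inspect what recursive modes do to a deployment tree.
# Runs on a constructed throwaway tree; no root or real deploy path needed.

# Build a small constructed release tree under $1 (4 directories, 2 files).
make_tree() {
    mkdir -p "$1/releases/20091217171253/config"
    : > "$1/releases/20091217171253/config/database.yml"
    : > "$1/releases/20091217171253/app.rb"
}

# Number of entries under $1 that any local user can write to (o+w).
count_world_writable() {
    find "$1" -perm -0002 | wc -l | tr -d ' '
}

# Number of directories under $1 that group members cannot enter (no g+x).
count_dirs_without_group_x() {
    find "$1" -type d ! -perm -0010 | wc -l | tr -d ' '
}

# The mode from the answer: rwx for the owner, rw- for group and others.
apply_0766() {
    chmod -R 0766 "$1"
}

# Assumed alternative: group-writable, not world-writable. Directories get
# the search bit plus setgid so new entries inherit the directory's group.
apply_group_mode() {
    find "$1" -type d -exec chmod 2775 {} +
    find "$1" -type f -exec chmod 0664 {} +
}

# Print both counts for the tree at $1 under the label $2.
report() {
    echo "$2: world-writable=$(count_world_writable "$1")" \
         "dirs-without-group-x=$(count_dirs_without_group_x "$1")"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_tree "$tmp/app"
    apply_0766 "$tmp/app";       report "$tmp/app" "chmod -R 0766"
    apply_group_mode "$tmp/app"; report "$tmp/app" "dirs 2775, files 0664"
    rm -rf "$tmp"
}

demo
```

The same two `find` counts can be pointed at a real deployment path to audit it before and after a permissions change.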

Capistrano is hanging when prompting for SUDO password to an Ubuntu box

I have a capistrano deployment recipe I've been using for some time to deploy my web app and then restart apache/nginx using the sudo command. Recently cap deploy is hanging when I try to execute these sudo commands. I see the output:
"[sudo] password for "
With my server name and the remote login, but this is not a secure login prompt. The cap shell is just hanging waiting for more output and does not allow me to type my password in to complete the remote sudo command.
Is there a way to fix this or a decent work around? I did not want to remove the sudo password prompt of my remote user for web restart commands.
This seems to happen when connecting to CentOS machines as well. Add the following line in your capistrano deploy file:
default_run_options[:pty] = true
Also make sure to use the sudo helper instead of executing sudo in your run commands directly. For example:
# not
run "sudo chown root:root /etc/my.cnf"
# but
sudo "chown root:root /etc/my.cnf"
The other advice may be sound, but I found that once I updated to Capistrano 2.5.3 the problem went away. I have to make sure I stop running the default versions of tools that came with my O/S.
# prevent sudo prompting for password
set :sudo_prompt, ""