Using sudo doesn't necessarily mean that you're giving away full root
access. You can allow sudo access for a particular command only, and/or
allow sudoing as a particular user only. "man sudoers" for more info. (If
you allow sudo access for a script just make sure it's not writable.)

I would use sudo to start mongrel as a special user (with login disabled),
named "mongrel" perhaps.  Make sure the rails app dir is writable by the
user that mongrel runs as too (your chgrp call probably takes care of that).


On 10/15/07, Mislav Marohnić <[EMAIL PROTECTED]> wrote:
>
> Hello everyone,
>
> Until now, probably like most of you, my projects were usually deployed by
> a single person and usually with superuser rights.
>
> With a new project for a remote team I wanted to switch things around. On
> my own server I've set up a deployment directory inside my own home dir and
> I spawn a couple of Mongrels upon deployment. I only use sudo for Nginx
> configuration; setting up vhosts mostly.
>
> See this simple deployment recipe: http://pastie.caboo.se/107359
>
> I've set up this project, which needs to be deployed by anyone from the
> team, to be owned by a group I created (here called "mygroup"). I've set up
> callbacks that execute "chgrp" on deployed files and symlinks.
>
> The problem is Mongrels. If I deploy as Mislav, a guy named Thomas won't
> be able to deploy the app because restart operation will fail - he can't
> signal a process that was daemonized by me. Mongrel has "--user" and
> "--group" options, but those are only available with sudo privileges.
>
> Does anyone have an idea how to solve this or work around it? I'd like to
> avoid deploying as sudo or forcing the team, including me, to use a single
> user for deployment.
>
> Thanks,
> Mislav
>


-- 
http://pauldowman.com
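
A sudoers fragment for the approach described in the reply above, as an added example that is not part of the original thread. The wrapper path /usr/local/bin/mongrel_ctl and the NOPASSWD choice are assumptions; "mygroup" and the "mongrel" user are the names used in the messages.

```sudoers
# Constructed example. Assumed names: wrapper script /usr/local/bin/mongrel_ctl,
# service account "mongrel" (login disabled). "mygroup" is the deploy group
# from the thread.

# Too broad: every member of mygroup can run anything as any user.
# %mygroup ALL = (ALL) ALL

# Narrow: only these three invocations, and only as the mongrel user.
# Because the arguments are listed, any other argument is refused.
Cmnd_Alias MONGREL_CTL = /usr/local/bin/mongrel_ctl start, \
                         /usr/local/bin/mongrel_ctl stop, \
                         /usr/local/bin/mongrel_ctl restart

# NOPASSWD is an assumption for non-interactive deploys; remove the tag to
# require the deployer's own password.
%mygroup ALL = (mongrel) NOPASSWD: MONGREL_CTL

# The wrapper and every directory above it should be owned by root and not
# writable by mygroup or mongrel (for example root:root, mode 0755).
# Anyone who can edit the script decides what runs as mongrel.
```

Edit the rule with `visudo` so a syntax error is caught before it is saved. Each deployer then restarts with `sudo -u mongrel /usr/local/bin/mongrel_ctl restart`, so the Mongrel processes always belong to the same account no matter who deployed.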
