I use passenger and by default it does execute as the owner of environment.rb. I deploy everything with capistrano as root. I have a task that creates a system user that matches the application name; then use a before start and restart task to chown the deploy_to location as the system user.
On Sat, Aug 23, 2008 at 10:36 PM, Andrew Fiedler <[EMAIL PROTECTED]> wrote: > > Hi John, > > I've run into the exact same problem with Capistrano 2.4.3. Without > "set :use_sudo, false" Capistrano creates all files and directories > owned by the root user. This is causes major issues with running "cap > deploy" because a normal user can't svn export to these folders and > all "cap deploy" commands will fail with permissions errors. > > Also I've noticed that Capistrano will try to use && and parenthesis > to run both the svn export and a echo command to create the REVISIONS > file like this: > > command "svn checkout -q -r20 https://svn.mysite.com/repos/trunk/ / > home/site/releases/20080824041856 && (echo 20 > /home/site/releases/ > 20080824041856/REVISION)" > > This will NOT work even if capistrano is appending sudo in front of > "svn checkout" because everything after && will be executed as the > normal user, causing the command to fail. (Just try running "sudo > whoami && whoami"). > > Additionally, this could be a security issue with users running their > sites on mod_rails (Passenger). I believe mod_passenger will run spawn > rails processes as whatever user owns "environment.rb" (which in this > case would be root). I bet (hope) there are checks in mod_rails to > prevent this, but in any case the rails processes probably won't be > run as the correct user. > > Capistrano seems to work fine with "set :use_sudo, false". To fix > this, I deleted everything (files/directories) created by capistrano > and then "set :use_sudo, false" in deploy.rb and re-ran "cap > deploy:setup" and "cap deploy:cold". > > Hope that helps someone. Probably should add this to the documentation > because I bet many users will have the same problem. > > -Andrew Fiedler > > On Aug 19, 11:58 am, JDS <[EMAIL PROTECTED]> wrote: >> This is my first run through with Capistrano (v2.4.3) , so I've >> followed the instructions (in "Deploying Rails Applications") and It >> Doesn't Work (tm). >> >> What's killing me is that "cap deploy:setup" creates the basic >> directory structure using sudo, but then when I "cap deploy" it >> doesn't bother with sudo and hence errors out saying "can't create the >> directory". I get the same problem whether I use the default /u/apps/ >> #{application} or /home/#{user}/someplace-else. >> >> There's an earlier thread mentioning the same problem, and the given >> solution is to add "set use_sudo, :false" to deploy.rb >> >> Which is fine if it works, but if you can never get anything to work >> without this setting why is use_sudo defaulting to :true? >> >> Either things have evolved since the instructions in "Deploying Rails >> Applications" was printed or I'm missing something extremely obvious. >> >> My setup is;- >> >> Client server, used for development, and hosting svn. SSH to local >> network staging server with a different username and password. If I >> manually SSH to the staging server then I can svn export the bits I >> need perfectly OK. >> >> So I know the only problem is the permissions set up on the root >> directories created by "cap deploy:setup". Should I edit the >> permissions? If I have to edit them then why are they set up the way >> they are? Why can't I just do "cap deploy:setup" followed by "cap >> deploy"? >> >> All comments appreciated >> >> John Small > > > > --~--~---------~--~----~------------~-------~--~----~ To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/capistrano -~----------~----~----~----~------~----~------~--~---
