Cmnd_Alias may need * in order to run ok.
For instance:
Cmnd_Alias DEPLOY_CMDS=/bin/mkdir /u/apps/*, /bin/rm /u/apps/*, /bin/ln
-s /u/apps/* *
The last part is:
%deployers ALL=NOPASSWD: DEPLOY_CMDS
I'm still using this conf so far. I'm thinking however to use a no-sudo
approach for deploying, since most of the commands would not need it.
Best regards,
Manuel.
On 05/13/2011 09:46 AM, Lee Hambley wrote:
Tim,
If you use `visudo` it's as easy as doing something like:
Cmnd_Alias DEPLOY_CMDS=/usr/bin/whatever, /usr/sbin/whatever-else
%deployers (ALL);NOPASSWD; DEPLOYCMDS
Check the exact syntax (sorry, no time to look it up, and that above
is definitely wrong!) but it grants passwordless access to select
white-listed commands to members of certain groups, which is a
secure-enough solution I think.
Beware for security reasons of granting `nopasswd sudo` to utils like
`find` (which have an -exec option) - for the paranoid, that is.
- Lee
--
* You received this message because you are subscribed to the Google Groups
"Capistrano" group.
* To post to this group, send email to [email protected]
* To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/capistrano?hl=en
