On Fri, Feb 16, 2007 at 10:13:04PM -0600, Rob Sanheim wrote:
> How does everyone handle security so they can do one step deploys?
> For instance, right now the user we use for our deployments doesn't
> have password-less sudo rights, so I still have to enter a password
> for the mongrel restart.
You can lock this further down by not running mongrel_rails as root but
another user, which might be a good idea in case security holes are
found in mongrel.
Or in your code, as Rails then also runs as root, which you should
definitely avoid.
Jonathan
--
Jonathan Weiss
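
The restriction described in the reply above, written out as an added example that is not part of the original thread: a sudoers fragment that sets a blanket passwordless rule beside one scoped to the restart command and a non-root run-as user. The account names `deploy` and `mongrel`, the binary path and the cluster config path are assumptions to replace with your own.

```sudoers
# /etc/sudoers.d/deploy   (validate with: visudo -c -f /etc/sudoers.d/deploy)
# Assumed names: "deploy" is the Capistrano login user, "mongrel" is an
# unprivileged service account. Both paths below are placeholders.

# Too broad: any command, as any user including root, with no password.
# deploy ALL = (ALL) NOPASSWD: ALL

# Scoped: one exact command line, run as the unprivileged service account.
# Arguments are part of the match, so a different argument list is refused.
# A ':' inside command arguments must be escaped with a backslash in sudoers.
Cmnd_Alias MONGREL_RESTART = /usr/bin/mongrel_rails cluster\:\:restart -C /etc/mongrel_cluster/app.yml

# deploy may run only MONGREL_RESTART, only as "mongrel", never as root.
# Remove "NOPASSWD:" to keep the password prompt while still limiting the rule.
deploy ALL = (mongrel) NOPASSWD: MONGREL_RESTART

# Keep the binary and the config file owned by root and not writable by
# "deploy"; otherwise the rule can be used to run something else.
```

With this rule the deploy user invokes the restart as `sudo -u mongrel /usr/bin/mongrel_rails cluster::restart -C /etc/mongrel_cluster/app.yml`; any other command or target user is rejected.
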
Rob,
I think passwordless sudo rights on a production box are a bad idea,
personally. It's not such a horrible thing to require a password; you
can mitigate the pain somewhat by forcing Capistrano to prompt you
for it right away, instead of at the moment it is first needed:
cap -p --