I guess what I was wondering is whether you were using the 'run' command or the 'sudo' command in your capistrano tasks - I know I've made the mistake of using the latter when 'run' would have been the better choice.
-- Pat On 23/05/2009, at 5:59 PM, Elad Meidar wrote: > > now SSH. i thought about testing the configuration and running process > manually before deploying with it. > > > > On May 23, 6:34 pm, Pat Allan <[email protected]> wrote: >> How are you running the rake task? Via capistrano? Or ssh'd into your >> production machine? >> >> -- >> Pat >> >> On 23/05/2009, at 3:23 PM, Elad Meidar wrote: >> >> >> >>> i'm running passenger on the default apache user www-data, i didn't >>> change nothing from the default apache/passenger installations. >> >>> i tried a little test.... >> >>> i chown'ed the *detla* files to web:web, just like the *core* files >>> and checked that it really happened. >>> then, i ran "rake RAILS_ENV=production ts:index --rotate" and listed >>> the files again. >> >>> owner was again root. >> >>> On May 23, 4:37 pm, Pat Allan <[email protected]> wrote: >>>> Are your mongrels running as root? Or passenger? This is the >>>> process >>>> that will invoke delta indexing, and thus overwrite the existing >>>> files >>>> to new ones with root access only. >> >>>> -- >>>> Pat >> >>>> On 23/05/2009, at 1:34 PM, Elad Meidar wrote: >> >>>>> Well, i moved everything to web >>>>> (ts:stop, ts:index, :ts:start after clearing all the db/sphinx >>>>> folder) >> >>>>> but still all the delta files are created under the root >>>>> ownership, i >>>>> really don't know why.. i am sure that only the web user is doing >>>>> any >>>>> kind of thinking_sphinx related actions. >>>>> when i manually chown the files to be under the "web" user, deltas >>>>> appear on search and everything is awesome. >> >>>>> this is my crontab for the web user... any idea how or who is >>>>> changing >>>>> those files ownerships? >> >>>>> */2 * * * * cd /var/www/statussearch2/current/ && rake >>>>> RAILS_ENV=production ts:index --rotate >>>>> * */5 * * * cd /var/www/statussearch2/current/ && rake >>>>> RAILS_ENV=production ts:index >> >>>>> On May 23, 10:20 am, Elad Meidar <[email protected]> wrote: >>>>>> well, the rake tasks are run by the deploying user, which is >>>>>> 'web' >> >>>>>> but i think that there are some cron tasks (--rotate for example) >>>>>> that >>>>>> are run by 'root' >> >>>>>> i'll move everything to 'web' and i'll see where it's heading. >> >>>>>> Thnx. >> >>>>>> On May 23, 2:19 am, James Healy <[email protected]> wrote: >> >>>>>>> Pat Allan wrote: >>>>>>>> You need the web server and the rake tasks to be run by the >>>>>>>> same >>>>>>>> user >>>>>>>> - either both by root, or some other user of your choice. This >>>>>>>> should >>>>>>>> avoid any permissions issues. >> >>>>>>>> The *easiest* way is probably to run the rake tasks with sudo - >>>>>>>> not >>>>>>>> convinced that's the *best* way though. Others may know >>>>>>>> better :) >> >>>>>>> As a general rule you really don't want to run internet >>>>>>> accessible >>>>>>> daemons as root. >> >>>>>>> I personally use the Debian convention of www-data user and >>>>>>> group >>>>>>> for my >>>>>>> webserver, mongrels and cron triggered rake tasks. It doesn't >>>>>>> matter too >>>>>>> much which user you use, just pick or create one with reduced >>>>>>> privileges. You want to minimise the impact of a malicious user >>>>>>> finding >>>>>>> an exploitable bug in the prcess. >> >>>>>>> -- James Healy <jimmy-at-deefa-dot-com> Sat, 23 May 2009 >>>>>>> 16:14:36 >>>>>>> +1000 > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Thinking Sphinx" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/thinking-sphinx?hl=en -~----------~----~----~----~------~----~------~--~---
