Permanently switching user in Capistrano 3 (separate authorization & deploy)

Question

We have following pattern in server management - all users do have their own user, but deploy is fully performed by special deploy user, without direct login possibility.

Answer 1

Since I had received no proper answer and didn't got the idea myself, I decided to ask authors. Capistrano 3.x uses SSHKit to manage remote execution commands, and here's their answer:

You could try overriding the command map such that every command gets prefixed with the desired sudo string. https://github.com/capistrano/sshkit/blob/master/README.md#the-command-map

SSHKit.config.command_map = Hash.new do |hash, command|
  hash[command] = "<<sudo stuff goes here>> #{command}"
end

The documentation says "this may not be wise, but it would be possible". YMMV