I do not wish to use sudo for any of my remotely executed commands via Capistrano. Specifically, when I run cap deploy:setup
, I'm asked for my sudo password during the first mkdir
command. I added set :use_sudo, false
to my deploy.rb file, but this did not make a difference.
I started with a fairly complete deploy.rb file, but whittled it down once I started having issues. Here is my minimal version that still shows use_sudo
not being respected:
# App Definitions
set :domain, '[server-ip]'
role :app, domain
role :web, domain
role :db, domain, :primary => true
set :user, "my_app"
set :use_sudo, false
task :sudo_test do
run "#{try_sudo} whoami"
end
running cap sudo_test
results in me being prompted for my sudo password. What am I missing here (besides the hair I've already pulled out)?
Google Findings
https://groups.google.com/forum/?fromgroups#!topic/capistrano/QNYnvW8obrg
A thread with someone having a similar issue. No conclusion/resolution noted in the thread.
For anyone else who runs into this issue and is a fool like me. Make sure you arn't quoting false. I had:
set :use_sudo, "false"
and when I switched it to
set :use_sudo, false
most things started working the way I expected. As YWCA Hello points out there are still commands that ignore the use_sudo setting. However, don't forget to set it correctly.
Apparently, it is not possible to disable sudo functionality with certain capistrano tasks. The assumption is that the unprivileged user on the server should not be able to carry out certain tasks.
The command in question is mkdir
. I'd argue that an unprivileged user should be able to run this command if the parent folder is one that they have permission to do so for. I'd also argue that the user may in fact be a privileged user, such as root. Best practice? Not necessarily. Within the realm of reason for certain deployments, yes.
Here is the link to the response to my original question:
https://github.com/capistrano/capistrano/issues/211#issuecomment-7667467
来源:https://stackoverflow.com/questions/10761534/capistrano-using-sudo-even-with-set-use-sudo-false