Run tasks as another user

て烟熏妆下的殇ゞ 提交于 2019-12-07 22:25:53

问题


Using Capistrano v3, how can I run all remote tasks through su as another user? I cannot find anything in the official documentation (http://capistranorb.com/)

For my use case, there is one SSH user and one user for every virtual host. User A connects to the server and should run all commands as user B.


回答1:


This isn't much of an answer, but I don't think what you are trying to do is possible without code modifications. Here's why:

There are two primary cases where you would use a different user:

  1. Deployment needs to run as a particular user because of file ownership.
  2. Deployment needs to run with root permissions.

In the first case, you generally would simply tell Capistrano to ssh as that user.

In the second case, you would tell Capistrano to run certain commands with paswordless sudo (http://capistranorb.com/documentation/getting-started/authentication-and-authorisation/#authorisation).

I can see a situation where only one user is available via SSH, but file ownership and permissions is based on another user, so you want to make su part of the workflow. I'm sure it is possible to do, but if I had to do it, I would be reading the source code of Capistrano and overriding how shell commands are executed. This would be non-trivial.

If you have a specific command like rm which needs to run as a different user, you may be able to use the SSHKit.config.command_map[:rm] = 'sudo rm' mechanism to do it.

In a nutshell, I don't think what you are asking for is, on its face, easily done with Capistrano. If you have a specific use case, we may be able to offer suggestions as to how you may approach the problem differently which plays better to Capistrano's strengths.

Good luck!

Update

Looking further, the capistrano-rbenv gem has a mechanism by which it has overridden the execution of all commands:

task :map_bins do
  SSHKit.config.default_env.merge!({ rbenv_root: fetch(:rbenv_path), rbenv_version: fetch(:rbenv_ruby) })
  rbenv_prefix = fetch(:rbenv_prefix, proc { "#{fetch(:rbenv_path)}/bin/rbenv exec" })
  SSHKit.config.command_map[:rbenv] = "#{fetch(:rbenv_path)}/bin/rbenv"

  fetch(:rbenv_map_bins).each do |command|
    SSHKit.config.command_map.prefix[command.to_sym].unshift(rbenv_prefix)
  end
end

https://github.com/capistrano/rbenv/blob/master/lib/capistrano/tasks/rbenv.rake#L17

You might have success with something similar.




回答2:


In order to run all remote tasks through su as another user I think you need to change Ownership for that User.

I'm Assuming that deployment folder name is /public_html/test .

sudo chown User:User /public_html/test # `chown` will change the owner ship so that `User` user can `**Read/Write**` 
umask 0002
sudo chown User:User public_html/test/releases
sudo chown User:User public_html/test/shared

Hope this will solve your issue!!!



来源:https://stackoverflow.com/questions/34307582/run-tasks-as-another-user

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!