Update deploy:writable_dirs: When running WITHOUT sudo, exec setfacl once only #442
Conversation
|
Cool! I'm going to merge. Can any one to test it? @oanhnn @deployphp/maintainer ? |
| run("$sudo setfacl -R -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs"); | ||
| run("$sudo setfacl -dR -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs"); | ||
| } else { | ||
| // If run without sudo, check each dir |
There was a problem hiding this comment.
@vanquang9387 can you add more comments here, why this is necessary.
There was a problem hiding this comment.
@Elfet
On first deploy:
setfacl -R -m u:"apache":rwX -m u:`whoami`:rwX app/webroot/images
Then, apache creates files:
$ ll current/app/webroot/images/
total 112
-rw-r--r--. 1 apache apache 34821 Aug 21 17:07 1440144423_main.png
-rw-r--r--. 1 apache apache 34821 Aug 21 17:07 1440144423.png
-rw-rw-r--+ 1 apache apache 34821 Aug 21 17:07 1440144441_55d6dc39ce799.png
Next, exec setfacl on next deploy will throw runtime exception:
Run: cd /var/www/html/project/releases/20150821170801 && setfacl -R -m u:"apache":rwX -m u:`whoami`:rwX app/webroot/images
Unable to setup correct permissions for writable dirs.
You need co configure sudo's sudoers files to don't prompt for password,
or setup correct permissions manually.
[RuntimeException]
setfacl: app/webroot/images/1440144441_55d6dc39ce799.png: Operation not permitted
setfacl: app/webroot/images/1440144423_main.png: Operation not permitted
setfacl: app/webroot/images/1440144423.png: Operation not permitted
I mentioned this problem here: #433 (comment)
Do you need more comments in the code?
There was a problem hiding this comment.
@Elfet comments added 🌟
|
ping @Elfet |
|
This PR has some issues:
And one issue of Deployer:
|
|
@oanhnn Please check my new commit. |
Update deploy:writable_dirs: When running WITHOUT sudo, exec setfacl once only
|
Thank you! |
|
This still has a problem it does not check recursively for example with a config like this: set('shared_dirs', [
'data/tmp'
]);
set('writable_dirs', [
'data',
]);will fail because acl is set on data/tmp and files within but this PR only checks if data/ has acl set or not. |
When run deploy:writable_dirs WITHOUT sudo, exception maybe thrown if setfacl run on files created by http user (in directory that has been setfacl before). These directories/files should be skipped.
Ref: #433 (comment)