Capistrano Best Practices: Users + Permissions

Hello!

What would people recommend for a best practice Capistrano config,
specifically re: users and permissions? My current config is something
like:

  • Have a non-root user setup on my remote box (which is the web, app +
    db server) - who is a sudoer
  • Have a group ‘deployers’ to which that account belongs
  • The root user owns the deploy_to parent directory, but the group owner
    is ‘deployers’ and that directory has 775 permissions.
  • The deploy script uses ssh_agent forwarding to allow it to check out
    the code from another server which is the SVN repository
  • The deploy script runs as the non-root user
  • The use_sudo is true (the capistrano default) and sudo is used to
    restart the mongrel cluster and nginx webserver (there are other apps on
    the server too)

Any feedback on this setup – how are other people doing it?

Cheers,

~ Mark

That looks pretty much like how I do things, for whatever that’s
worth. :slight_smile:

  • Jamis

On Thu, 2008-05-08 at 17:04 +0200, Mark D. wrote:

is ‘deployers’ and that directory has 775 permissions.

  • The deploy script uses ssh_agent forwarding to allow it to check out
    the code from another server which is the SVN repository

I prefer using “deploy_via copy”, but other than that, this looks good
to me…

Yours,

tom