Capistrano使用sudo甚至使用“ set:use_sudo,false” [英] Capistrano using sudo even with "set :use_sudo, false"
问题描述
我不希望通过Capistrano对任何远程执行的命令使用sudo。具体来说,当我运行 cap deploy:setup 时,在第一个 mkdir 命令中要求输入我的sudo密码。我在我的deploy.rb文件中添加了 set:use_sudo,false ,但这没有什么不同。
I do not wish to use sudo for any of my remotely executed commands via Capistrano. Specifically, when I run cap deploy:setup, I'm asked for my sudo password during the first mkdir command. I added set :use_sudo, false to my deploy.rb file, but this did not make a difference.
我从一个相当完整的deploy.rb文件开始,但是一旦遇到问题,就将其缩减。这是我的最低版本,仍然显示 use_sudo 不被尊重:
I started with a fairly complete deploy.rb file, but whittled it down once I started having issues. Here is my minimal version that still shows use_sudo not being respected:
# App Definitions
set :domain, '[server-ip]'
role :app, domain
role :web, domain
role :db, domain, :primary => true
set :user, "my_app"
set :use_sudo, false
task :sudo_test do
run "#{try_sudo} whoami"
end
运行 cap sudo_test 结果提示我输入我的sudo密码。我在这里想念的东西(除了已经拔掉的头发)?
running cap sudo_test results in me being prompted for my sudo password. What am I missing here (besides the hair I've already pulled out)?
Google Findings
https://groups.google.com/forum/?fromgroups#! topic / capistrano / QNYnvW8obrg
与某人有类似问题的线程。线程中没有结论或解决方案。
A thread with someone having a similar issue. No conclusion/resolution noted in the thread.
推荐答案
显然,对于某些capistrano任务,无法禁用sudo功能。假定服务器上的非特权用户不应执行某些任务。
Apparently, it is not possible to disable sudo functionality with certain capistrano tasks. The assumption is that the unprivileged user on the server should not be able to carry out certain tasks.
有问题的命令是 mkdir 。我认为,如果父文件夹是他们有权执行此操作的文件夹,那么没有特权的用户应该可以运行此命令。我还要指出,该用户实际上可能是特权用户,例如root。最佳实践?不必要。在某些部署的合理范围内,是的。
The command in question is mkdir. I'd argue that an unprivileged user should be able to run this command if the parent folder is one that they have permission to do so for. I'd also argue that the user may in fact be a privileged user, such as root. Best practice? Not necessarily. Within the realm of reason for certain deployments, yes.
以下是对我原始问题的回答的链接:
Here is the link to the response to my original question:
https://github.com/capistrano/capistrano/issues/211# issuecomment-7667467
这篇关于Capistrano使用sudo甚至使用“ set:use_sudo,false”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
