以其他用户身份运行任务 [英] Run tasks as another user
问题描述
使用Capistrano v3 ,我如何作为另一个用户通过 su 运行所有远程任务?我在官方文档中找不到任何内容( http://capistranorb.com/ )
在我的用例中,每个虚拟主机有一个SSH用户和一个用户。用户A连接到服务器,应该以用户B的身份运行所有命令。
这不是一个很好的答案,但是我认为如果没有代码修改,您尝试做的事情是不可能的。原因如下:
在两种主要情况下,您会使用其他用户:
- 由于文件所有权,部署需要以特定用户身份运行。
- 部署需要以root用户权限运行。
在第一种情况下,您通常会简单地告诉Capistrano以该用户的身份使用ssh。
在第二种情况下,您将告诉Capistrano使用无密码sudo( http://capistranorb.com/documentation来运行某些命令/ getting-started / authentication-and-authorization /#authorisation )。
我看到一种情况,其中只有一个用户可以通过SSH使用,但是文件所有权和权限基于另一个用户,因此您想将su纳入工作流程。我敢肯定,可以这样做,但是如果必须这样做,我将阅读Capistrano的源代码,并覆盖Shell命令的执行方式。
如果您有一个像 rm 这样的特定命令,需要以其他方式运行用户,您可以使用 SSHKit.config.command_map [:rm] ='sudo rm'机制来完成此操作。
$概括地说,从表面上看,我不认为您要用Capistrano轻松完成。如果您有特定的用例,我们也许可以为您提供一些建议,帮助您以不同的方式解决问题,从而更好地发挥Capistrano的优势。
祝您好运! / p>
更新
capistrano-rbenv宝石具有一种机制它覆盖了所有命令的执行:
task:map_bins do
SSHKit.config.default_env.merge!( {rbenv_root:fetch(:rbenv_path),rbenv_version:fetch(:rbenv_ruby)})
rbenv_prefix = fetch(:rbenv_prefix,proc {#{fetch(:rbenv_path)} / bin / rbenv exec})
SSHKit.config.command_map [:rbenv] =#{fetch(:rbenv_path)} / bin / rbenv
fetch(:rbenv_map_bins).each | command |
SSHKit.config.command_map.prefix [command.to_sym] .unshift(rbenv_prefix)
结束
结束
https ://github.com/capistrano/rbenv/blob/master/lib/capistrano/tasks/rbenv.rake#L17
您可能会成功类似的东西。
Using Capistrano v3, how can I run all remote tasks through su as another user? I cannot find anything in the official documentation (http://capistranorb.com/)
For my use case, there is one SSH user and one user for every virtual host. User A connects to the server and should run all commands as user B.
This isn't much of an answer, but I don't think what you are trying to do is possible without code modifications. Here's why:
There are two primary cases where you would use a different user:
- Deployment needs to run as a particular user because of file ownership.
- Deployment needs to run with root permissions.
In the first case, you generally would simply tell Capistrano to ssh as that user.
In the second case, you would tell Capistrano to run certain commands with paswordless sudo (http://capistranorb.com/documentation/getting-started/authentication-and-authorisation/#authorisation).
I can see a situation where only one user is available via SSH, but file ownership and permissions is based on another user, so you want to make su part of the workflow. I'm sure it is possible to do, but if I had to do it, I would be reading the source code of Capistrano and overriding how shell commands are executed. This would be non-trivial.
If you have a specific command like rm which needs to run as a different user, you may be able to use the SSHKit.config.command_map[:rm] = 'sudo rm' mechanism to do it.
In a nutshell, I don't think what you are asking for is, on its face, easily done with Capistrano. If you have a specific use case, we may be able to offer suggestions as to how you may approach the problem differently which plays better to Capistrano's strengths.
Good luck!
Update
Looking further, the capistrano-rbenv gem has a mechanism by which it has overridden the execution of all commands:
task :map_bins do
SSHKit.config.default_env.merge!({ rbenv_root: fetch(:rbenv_path), rbenv_version: fetch(:rbenv_ruby) })
rbenv_prefix = fetch(:rbenv_prefix, proc { "#{fetch(:rbenv_path)}/bin/rbenv exec" })
SSHKit.config.command_map[:rbenv] = "#{fetch(:rbenv_path)}/bin/rbenv"
fetch(:rbenv_map_bins).each do |command|
SSHKit.config.command_map.prefix[command.to_sym].unshift(rbenv_prefix)
end
end
https://github.com/capistrano/rbenv/blob/master/lib/capistrano/tasks/rbenv.rake#L17
You might have success with something similar.
这篇关于以其他用户身份运行任务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
