Reputation: 644
Can you use capistrano if you need to sudo su into another user?
I'm trying to get capistrano working on my groups project. Due to department restrictions, we have to log in as ourselves, then sudo su into a shared project user. That project user that we sudo su - projectuser into, has the permissions needed to access the projects directories. I'm having a hard time figuring out how to make this work with capistrano. Any help would be appreciated.
Upvotes: 3
Views: 4584
Answers (2)
Reputation: 14408
man sudo
-u user The -u (user) option causes sudo to run the specified command as a user other than root. To specify a uid instead of a user name, use #uid. When running commands as a
uid, many shells require that the '#' be escaped with a backslash ('\'). Note that if the targetpw Defaults option is set (see sudoers(5)) it is not possible to run
commands with a uid not listed in the password database.
-i [command]
The -i (simulate initial login) option runs the shell specified in the passwd(5) entry of the target user as a login shell. This means that login-specific resource
files such as .profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution. Otherwise, an interactive shell is
executed. sudo attempts to change to that user's home directory before running the shell. It also initializes the environment, leaving DISPLAY and TERM unchanged,
setting HOME, MAIL, SHELL, USER, LOGNAME, and PATH, as well as the contents of /etc/environment on Linux and AIX systems. All other environment variables are removed.
Sudo already supports running commands as a specific user, instead of root. So instead of running sudo mkdir some_folder, you can simply run sudo -u your_user mkdir some_folder, and it will just execute all commands as that user.
Additionally, the -i flag will instruct sudo to start a new shell and run the commands. The new shell will be initialized just like a login shell (it will switch to the user's home directory, re-initialize HOME and other variables, etc). Its the closest possible to running sudo su - your_user.
To make Capistrano use sudo -u <your-user> -i instead of just sudo, set the following configuration in your deploy.rb:
set :use_sudo, true
set :sudo, "sudo -u <your-user> -i"
And Capistrano will now use the given user for all sudo commands, with a fresh new login shell.
Upvotes: 1
Reputation: 13354
Check out the following answer:
How can I switch user in a Capistrano task?
Of course, you would want to modify that code in order to perform the sudo su - projectuser instead of a simple sudo to root.
I've never done this myself, but it seems like it would work. You could test this out using cap shell as well. Personally, I'd recommend playing around with cap shell first.
Additionally, there's another option here, but I think the original link above provides a better chance of working.
Upvotes: 0
Related Questions
- Ruby RVM under another user from Bash script
- Permanently switching user in Capistrano 3 (separate authorization & deploy)
- Capistrano Multi-user Deployment
- How to have sudo -u user for all capistrano tasks that are to be run?
- Capistrano sudo password prompt
- Run capistrano tasks as different user
- Capistrano with only 'sudo su - user' allowed
- Switching the user while deploying with capistrano?
- Rails Capistrano deployment user
- Run deployment task as different users