Hi,
I am trying to prevent deploy:cleanup from using sudo, but I want to
use sudo for my other deploy: stop, start & restart tasks.
I thought that I might be able to set :use_sudo to false
before :cleanup with (inside the deploy namespace):
before :cleanup do
set :use_sudo, :false
end
but that didn't work, so I tried:
before :cleanup do
set :run_method, :run
end
which also failed.
So I was wondering if anybody knows it it's possible to do this?
I did think about overriding the task, setting the run_method to :run
and calling the original implementation, but I couldn't work out how
to do that either!
Can anyone shed any light on this, please?
The reason I would like to do this (if it helps) is that I run the app
as a severely restricted user that has its password disabled. This
means that I have to configure the commands that are used with
"NOPASSWD:" in /etc/sudoers. So far, all that this user can sudo is
monit and nginx, but now this means adding rm to the users list of
commands. Which means that if it was compromised it could quite
easily execute 'sudo rm -rf /' ...
Any help anyone can give will be gratefully received!
Thanks in advance!
Cheers,
-Carl
--~--~---------~--~----~------------~-------~--~----~
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/capistrano
-~----------~----~----~----~------~----~------~--~---
