} else {
run("{$sudo} chmod 777 {$dirs}");
}
} catch (\RuntimeException $e) {
$formatter = \Deployer\Deployer::get()->getHelper('formatter');
$errorMessage = ["Unable to setup correct permissions for writable dirs. ", "You need co configure sudo's sudoers files to don't prompt for password,", "or setup correct permissions manually. "];
write($formatter->formatBlock($errorMessage, 'error', true));
throw $e;
}
}
})->desc('Make writable dirs');
/**
* Installing vendors tasks.
*/
task('deploy:vendors', function () {
if (commandExist('composer')) {
$composer = 'composer';
} else {
run("cd {{release_path}} && curl -sS https://getcomposer.org/installer | php");
$composer = 'php composer.phar';
}
run("cd {{release_path}} && {{env_vars}} {$composer} {{composer_options}}");
})->desc('Installing vendors');
/**
* Create symlink to last release.
*/
task('deploy:symlink', function () {
run("cd {{deploy_path}} && ln -sfn {{release_path}} current");
// Atomic override symlink.
run("cd {{deploy_path}} && rm release");
// Remove release link.
run("{$sudo} chmod 777 -R {$dirs}");
}
} catch (\RuntimeException $e) {
$formatter = \Deployer\Deployer::get()->getHelper('formatter');
$errorMessage = ["Unable to setup correct permissions for writable dirs. ", "You need to configure sudo's sudoers files to not prompt for password,", "or setup correct permissions manually. "];
write($formatter->formatBlock($errorMessage, 'error', true));
throw $e;
}
}
})->desc('Make writable dirs');
/**
* Installing vendors tasks.
*/
task('deploy:vendors', function () {
$composer = get('composer_command');
if (!commandExist($composer)) {
run("cd {{release_path}} && curl -sS https://getcomposer.org/installer | php");
$composer = 'php composer.phar';
}
$composerEnvVars = env('env_vars') ? 'export ' . env('env_vars') . ' &&' : '';
run("cd {{release_path}} && {$composerEnvVars} {$composer} {{composer_options}}");
})->desc('Installing vendors');
/**
* Create symlink to last release.
*/
task('deploy:symlink', function () {
run("cd {{deploy_path}} && ln -sfn {{release_path}} current");
// Atomic override symlink.
run("cd {{deploy_path}} && rm release");
// Remove release link.
})->desc('Creating symlink to release');
$sudo = get('writable_use_sudo') ? 'sudo' : '';
$httpUser = get('http_user');
if (!empty($dirs)) {
try {
if (null === $httpUser) {
$httpUser = run("ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\\ -f1")->toString();
}
cd('{{release_path}}');
// Try OS-X specific setting of access-rights
if (strpos(run("chmod 2>&1; true"), '+a') !== false) {
if (!empty($httpUser)) {
run("{$sudo} chmod +a \"{$httpUser} allow delete,write,append,file_inherit,directory_inherit\" {$dirs}");
}
run("{$sudo} chmod +a \"`whoami` allow delete,write,append,file_inherit,directory_inherit\" {$dirs}");
// Try linux ACL implementation with unsafe fail-fallback to POSIX-way
} elseif (commandExist('setfacl')) {
if (!empty($httpUser)) {
if (!empty($sudo)) {
run("{$sudo} setfacl -R -m u:\"{$httpUser}\":rwX -m u:`whoami`:rwX {$dirs}");
run("{$sudo} setfacl -dR -m u:\"{$httpUser}\":rwX -m u:`whoami`:rwX {$dirs}");
} else {
// When running without sudo, exception may be thrown
// if executing setfacl on files created by http user (in directory that has been setfacl before).
// These directories/files should be skipped.
// Now, we will check each directory for ACL and only setfacl for which has not been set before.
$writeableDirs = get('writable_dirs');
foreach ($writeableDirs as $dir) {
// Check if ACL has been set or not
$hasfacl = run("getfacl -p {$dir} | grep \"^user:{$httpUser}:.*w\" | wc -l")->toString();
// Set ACL for directory if it has not been set before
if (!$hasfacl) {
/**
* Deployment ensure-writable paths for web-server writable directories
*/
public function deployWritable()
{
$preOpts = get('writable_use_sudo') ? 'sudo' : '';
$webUser = $this->getWebUser();
if (empty($directories = join(' ', get('writable_dirs')))) {
return;
}
try {
cd('{{release_path}}');
// osx access rights
if (null !== $webUser && strpos(run('chmod 2>&1; true'), '+a') !== false) {
run(sprintf('%s chmod +a "%s allow delete,write,append,file_inherit,directory_inherit" %s', $preOpts, $webUser, $directories));
run(sprintf('%s chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" %s', $preOpts, $directories));
return;
}
// use posix if no web user is set or no linux acl is available
if (null === $webUser || !commandExist('setfacl')) {
run(sprintf('%s chmod 777 -R %s', $preOpts, $directories));
return;
}
// linux acl (using sudo)
if (!empty($preOpts)) {
foreach (['u', 'g'] as $type) {
run(sprintf('%s setfacl -R -m "%s:%s:rwX" -m "%s:`whoami`:rwX" %s', $preOpts, $type, $webUser, $type, $directories));
run(sprintf('%s setfacl -dR -m "%s:%s:rwX" -m "%s:`whoami`:rwX" %s', $preOpts, $type, $webUser, $type, $directories));
}
return;
}
// linux acl (without sudo, skip any directories that already have acl applies)
foreach (get('writable_dirs') as $d) {
// Check if ACL has been set or not
if (run(sprintf('getfacl -p %s | grep "^user:%s:.*w" | wc -l', $d, $webUser))->toString()) {
continue;
}
// Set ACL for directory if it has not been set before
foreach (['u', 'g'] as $type) {
run(sprintf('setfacl -R -m "%s:%s:rwX" -m "%s:`whoami`:rwX" %s', $type, $webUser, $type, $d));
run(sprintf('setfacl -dR -m "%s:%s:rwX" -m "%s:`whoami`:rwX" %s', $type, $webUser, $type, $d));
}
}
} catch (\RuntimeException $e) {
$this->writeErrorLine('Unable to setup correct permissions for writable dirs. Setup permissions manually or setup sudoers file to not prompt for password');
throw $e;
}
}
