} else {
    // NOTE(review): mode 777 leaves the writable dirs open to every local account;
    // prefer ACLs or a shared group where the host allows it.
    run("{$sudo} chmod 777 {$dirs}");
}
} catch (\RuntimeException $e) {
    $formatter = \Deployer\Deployer::get()->getHelper('formatter');
    $errorMessage = ["Unable to setup correct permissions for writable dirs. ", "You need co configure sudo's sudoers files to don't prompt for password,", "or setup correct permissions manually. "];
    write($formatter->formatBlock($errorMessage, 'error', true));
    throw $e;
}
}
})->desc('Make writable dirs');

/**
 * Install vendor packages with Composer inside the release path.
 *
 * Uses the `composer` command when commandExist() reports it, otherwise
 * downloads the Composer installer into the release path and runs the
 * resulting composer.phar.
 */
task('deploy:vendors', function () {
    $composerBin = 'composer';

    if (!commandExist('composer')) {
        // NOTE(review): the installer is piped from the network straight into php with no
        // integrity check, so a tampered download would execute on the deploy target.
        // Prefer a pre-installed, pinned composer, or verify the installer's published
        // SHA-384 checksum before running it.
        run("cd {{release_path}} && curl -sS https://getcomposer.org/installer | php");
        $composerBin = 'php composer.phar';
    }

    // NOTE(review): env_vars and composer_options are substituted into the shell line
    // unescaped; presumably they come only from trusted deploy configuration - confirm.
    run("cd {{release_path}} && {{env_vars}} {$composerBin} {{composer_options}}");
})->desc('Installing vendors');

/**
 * Create symlink to last release.
 */
task('deploy:symlink', function () {
    run("cd {{deploy_path}} && ln -sfn {{release_path}} current"); // Atomic override symlink.
    run("cd {{deploy_path}} && rm release"); // Remove release link.
// NOTE(review): recursive mode 777 leaves the writable dirs open to every local account;
// prefer ACLs or a shared group where the host allows it.
run("{$sudo} chmod 777 -R {$dirs}");
}
} catch (\RuntimeException $e) {
    $formatter = \Deployer\Deployer::get()->getHelper('formatter');
    $errorMessage = ["Unable to setup correct permissions for writable dirs. ", "You need to configure sudo's sudoers files to not prompt for password,", "or setup correct permissions manually. "];
    write($formatter->formatBlock($errorMessage, 'error', true));
    throw $e;
}
}
})->desc('Make writable dirs');

/**
 * Install vendor packages with Composer inside the release path.
 *
 * The command comes from the `composer_command` setting; when commandExist()
 * does not find it, the Composer installer is downloaded into the release
 * path and the resulting composer.phar is used instead.
 */
task('deploy:vendors', function () {
    $composerBin = get('composer_command');

    if (!commandExist($composerBin)) {
        // NOTE(review): the installer is piped from the network straight into php with no
        // integrity check, so a tampered download would execute on the deploy target.
        // Prefer a pre-installed, pinned composer, or verify the installer's published
        // SHA-384 checksum before running it.
        run("cd {{release_path}} && curl -sS https://getcomposer.org/installer | php");
        $composerBin = 'php composer.phar';
    }

    // Only emit an `export ... &&` prefix when env_vars is set.
    // NOTE(review): the value is concatenated into the shell line unescaped; presumably
    // it comes only from trusted deploy configuration - confirm.
    $exportPrefix = '';
    if (env('env_vars')) {
        $exportPrefix = 'export ' . env('env_vars') . ' &&';
    }

    run("cd {{release_path}} && {$exportPrefix} {$composerBin} {{composer_options}}");
})->desc('Installing vendors');

/**
 * Point `current` at the new release and drop the temporary `release` link.
 */
task('deploy:symlink', function () {
    $steps = [
        "cd {{deploy_path}} && ln -sfn {{release_path}} current", // Atomic override symlink.
        "cd {{deploy_path}} && rm release", // Remove release link.
    ];

    foreach ($steps as $step) {
        run($step);
    }
})->desc('Creating symlink to release');
$sudo = get('writable_use_sudo') ? 'sudo' : ''; $httpUser = get('http_user'); if (!empty($dirs)) { try { if (null === $httpUser) { $httpUser = run("ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\\ -f1")->toString(); } cd('{{release_path}}'); // Try OS-X specific setting of access-rights if (strpos(run("chmod 2>&1; true"), '+a') !== false) { if (!empty($httpUser)) { run("{$sudo} chmod +a \"{$httpUser} allow delete,write,append,file_inherit,directory_inherit\" {$dirs}"); } run("{$sudo} chmod +a \"`whoami` allow delete,write,append,file_inherit,directory_inherit\" {$dirs}"); // Try linux ACL implementation with unsafe fail-fallback to POSIX-way } elseif (commandExist('setfacl')) { if (!empty($httpUser)) { if (!empty($sudo)) { run("{$sudo} setfacl -R -m u:\"{$httpUser}\":rwX -m u:`whoami`:rwX {$dirs}"); run("{$sudo} setfacl -dR -m u:\"{$httpUser}\":rwX -m u:`whoami`:rwX {$dirs}"); } else { // When running without sudo, exception may be thrown // if executing setfacl on files created by http user (in directory that has been setfacl before). // These directories/files should be skipped. // Now, we will check each directory for ACL and only setfacl for which has not been set before. $writeableDirs = get('writable_dirs'); foreach ($writeableDirs as $dir) { // Check if ACL has been set or not $hasfacl = run("getfacl -p {$dir} | grep \"^user:{$httpUser}:.*w\" | wc -l")->toString(); // Set ACL for directory if it has not been set before if (!$hasfacl) {
/**
 * Make the configured `writable_dirs` writable for the web-server user and
 * for the deploying user, working inside the release path.
 *
 * Strategy, in order:
 *  1. `chmod +a` ACL entries, when a web user is known and chmod's own usage
 *     output mentions `+a`.
 *  2. `chmod 777 -R`, when no web user is known or `setfacl` is not available.
 *  3. `setfacl` user and group entries: with sudo over all directories at once,
 *     or without sudo per directory that has no matching user ACL yet.
 *
 * Returns without running anything when the joined directory list is empty.
 *
 * NOTE(review): every command is assembled with sprintf() and no shell
 * escaping, so `writable_dirs` and whatever getWebUser() returns are
 * presumably trusted deploy configuration - confirm. The `chmod 777 -R`
 * fallback leaves the directories writable by every local account.
 *
 * @throws \RuntimeException rethrown after an error line has been written
 */
public function deployWritable()
{
    $sudoPrefix = get('writable_use_sudo') ? 'sudo' : '';
    $httpUser = $this->getWebUser();
    $dirList = join(' ', get('writable_dirs'));

    // Nothing configured: leave permissions untouched.
    if (empty($dirList)) {
        return;
    }

    // ACL entry kinds passed to setfacl: user and group.
    $aclKinds = ['u', 'g'];

    try {
        cd('{{release_path}}');

        // chmod prints its usage on stderr when called bare; a `+a` in that
        // text is taken as the sign that ACL-style chmod is supported.
        if ($httpUser !== null && false !== strpos(run('chmod 2>&1; true'), '+a')) {
            run(sprintf('%s chmod +a "%s allow delete,write,append,file_inherit,directory_inherit" %s', $sudoPrefix, $httpUser, $dirList));
            run(sprintf('%s chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" %s', $sudoPrefix, $dirList));

            return;
        }

        // POSIX fallback when there is no web user or no setfacl.
        // NOTE(review): recursive 777 is world-writable; prefer ACLs or a
        // shared group where the host allows it.
        if ($httpUser === null || !commandExist('setfacl')) {
            run(sprintf('%s chmod 777 -R %s', $sudoPrefix, $dirList));

            return;
        }

        // With sudo: apply access (-R) and default (-dR) ACLs to all dirs at once.
        if ($sudoPrefix !== '') {
            foreach ($aclKinds as $kind) {
                run(sprintf('%s setfacl -R -m "%s:%s:rwX" -m "%s:`whoami`:rwX" %s', $sudoPrefix, $kind, $httpUser, $kind, $dirList));
                run(sprintf('%s setfacl -dR -m "%s:%s:rwX" -m "%s:`whoami`:rwX" %s', $sudoPrefix, $kind, $httpUser, $kind, $dirList));
            }

            return;
        }

        // Without sudo: handle each directory on its own and skip those that
        // already carry a writable user ACL for the web user.
        foreach (get('writable_dirs') as $dir) {
            // Line count of `user:<web user>:` ACL entries that include `w`.
            // NOTE(review): the skip relies on toString() yielding a bare "0"
            // when nothing matches - confirm.
            $existingAcl = run(sprintf('getfacl -p %s | grep "^user:%s:.*w" | wc -l', $dir, $httpUser))->toString();

            if (!$existingAcl) {
                foreach ($aclKinds as $kind) {
                    run(sprintf('setfacl -R -m "%s:%s:rwX" -m "%s:`whoami`:rwX" %s', $kind, $httpUser, $kind, $dir));
                    run(sprintf('setfacl -dR -m "%s:%s:rwX" -m "%s:`whoami`:rwX" %s', $kind, $httpUser, $kind, $dir));
                }
            }
        }
    } catch (\RuntimeException $e) {
        // Tell the operator what to fix, then let the failure propagate.
        $this->writeErrorLine('Unable to setup correct permissions for writable dirs. Setup permissions manually or setup sudoers file to not prompt for password');

        throw $e;
    }
}