laravel icon indicating copy to clipboard operation
laravel copied to clipboard

Published 20 hours ago verified publisher icon capistrano

Possibility to use chmod instead of acl?

Open allaire opened this issue 10 years ago • 9 comments

Might be a better default for most of the people, since the ACL package is not under ubuntu by default.

At least maybe we should add more docs about it?

allaire avatar Mar 04 '14 16:03 allaire

Hi @allaire, the reason I chose acl as the default is because I felt is was more secure. With ACL you only give permissions to those you explicitly define (usually the deploying user, and the web-server user).

Chmod is a little more of a sledgehammer approach, although I agree that it is a pain point that setfacl is not there by default.

I agree the documentation needs improving, perhaps I will work on that first (unless you are offering :smile:)

peterjmit avatar Mar 06 '14 04:03 peterjmit

For some reason, even with ACL installed, and rwx on www-data (running on ubuntu 12.04), Laravel can't write to storage directory on errrors. any ideas?

Note that it's not able to write in storage/ when I get an error using Laravel 4 smart errors

allaire avatar Mar 26 '14 01:03 allaire

Do you know what version of https://github.com/capistrano/file-permissions you have?

The problem could lie with the sefacl call not being recursive (can you paste the output)

peterjmit avatar Mar 26 '14 14:03 peterjmit

Here's my lock file

GEM
  remote: https://rubygems.org/
  specs:
    capistrano (3.1.0)
      i18n
      rake (>= 10.0.0)
      sshkit (~> 1.3)
    capistrano-composer (0.0.3)
      capistrano (>= 3.0.0.pre)
    capistrano-file-permissions (0.1.0)
      capistrano (>= 3.0.0)
    capistrano-laravel (0.0.2)
      capistrano (>= 3.0.0)
      capistrano-composer (>= 0.0.3)
      capistrano-file-permissions
    i18n (0.6.9)
    net-scp (1.1.2)
      net-ssh (>= 2.6.5)
    net-ssh (2.7.0)
    rake (10.1.1)
    sshkit (1.3.0)
      net-scp (>= 1.1.2)
      net-ssh
      term-ansicolor
    term-ansicolor (1.2.2)
      tins (~> 0.8)
    tins (0.13.1)

PLATFORMS
  ruby

DEPENDENCIES
  capistrano (~> 3.1.0)
  capistrano-laravel

Here's the output the setfacl

 INFO [22a4e32c] Running /usr/bin/env setfacl -m u:www-data:rwx,u:my_user:rwx /home/my_user/apps/new/releases/20140326172906/app/storage /home/my_user/apps/new/releases/20140326172906/app/storage/cache /home/my_user/apps/new/releases/20140326172906/app/storage/logs /home/my_user/apps/new/releases/20140326172906/app/storage/meta /home/my_user/apps/new/releases/20140326172906/app/storage/sessions /home/my_user/apps/new/releases/20140326172906/app/storage/views on staging.my_user.com
DEBUG [22a4e32c] Command: /usr/bin/env setfacl -m u:www-data:rwx,u:my_user:rwx /home/my_user/apps/new/releases/20140326172906/app/storage /home/my_user/apps/new/releases/20140326172906/app/storage/cache /home/my_user/apps/new/releases/20140326172906/app/storage/logs /home/my_user/apps/new/releases/20140326172906/app/storage/meta /home/my_user/apps/new/releases/20140326172906/app/storage/sessions /home/my_user/apps/new/releases/20140326172906/app/storage/views
 INFO [22a4e32c] Finished in 0.069 seconds with exit status 0 (successful).
 INFO [2d14f336] Running /usr/bin/env setfacl -Rdm u:www-data:rwx,u:my_user:rwx /home/my_user/apps/new/releases/20140326172906/app/storage /home/my_user/apps/new/releases/20140326172906/app/storage/cache /home/my_user/apps/new/releases/20140326172906/app/storage/logs /home/my_user/apps/new/releases/20140326172906/app/storage/meta /home/my_user/apps/new/releases/20140326172906/app/storage/sessions /home/my_user/apps/new/releases/20140326172906/app/storage/views on staging.my_user.com
DEBUG [2d14f336] Command: /usr/bin/env setfacl -Rdm u:www-data:rwx,u:my_user:rwx /home/my_user/apps/new/releases/20140326172906/app/storage /home/my_user/apps/new/releases/20140326172906/app/storage/cache /home/my_user/apps/new/releases/20140326172906/app/storage/logs /home/my_user/apps/new/releases/20140326172906/app/storage/meta /home/my_user/apps/new/releases/20140326172906/app/storage/sessions /home/my_user/apps/new/releases/20140326172906/app/storage/views

allaire avatar Mar 26 '14 14:03 allaire

I had to use:

namespace :deploy do
  after :updated, 'deploy:set_permissions:chmod'
end

In order to make it works correctly.

allaire avatar Mar 26 '14 17:03 allaire

Sorry for the late response. I'll be helping maintain this plugin for the foreseeable future. If any of these issues are still persisting (all of the tickets are quite old), please let me know and I will do what I can to try and help fix things.

ikari7789 avatar Apr 02 '16 05:04 ikari7789

FWIW, I also had to deal with this, in an Ubuntu environment without setfacl (and without the ability to install it).

Ended up setting laravel_set_acl_paths to false, and that seems to have fixed the problem.

chrisvanpatten avatar Jun 17 '16 20:06 chrisvanpatten

The latest version of the gem released should have a flag to set this. I don't think I implemented chmod, I'll look into it, but you should be able to toggle on/off the permission setting.

Sent from my iPhone

On Jun 18, 2016, at 05:11, Chris Van Patten [email protected] wrote:

FWIW, I also had to deal with this, in an Ubuntu environment without setfacl (and without the ability to install it).

Ended up setting laravel_set_acl_paths to false, and that seems to have fixed the problem.

― You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

ikari7789 avatar Jun 17 '16 22:06 ikari7789

Problem is that acl is combined with POSIX permissions [1] so setting ACL only isn't enough in some case, resulting in :

user:www-data:rwx #effective:r-x

[1] http://www.vanemery.com/Linux/ACL/POSIX_ACL_on_Linux.html

osaris avatar Jul 10 '16 15:07 osaris