
Rsync fails with `mkstemp permission denied` when using `sudo` to become another user

Open boesing opened this issue 2 years ago • 1 comments

  • Deployer version: 7.3.1
  • Deployment OS: Debian Bookworm

```yaml
config:
  become: "user"

hosts:
  example.com:
    deploy_path: ~
    remote_user: "deployer"

tasks:
  upload:
    - upload:
        src: "cachetool.phar"
        dest: "{{deploy_path}}"
```

Cache tool can be downloaded via:

```shell
curl -sLO https://github.com/gordalina/cachetool/releases/latest/download/cachetool.phar
```

On the server side, there is a `user` within a group `deployment`. Home directories are only writable by the user itself, so neither `deployer` can write to `user` nor `user` can write to `deployer` home directory. The `deployer` user is in the `deployment` group as well.

The sudoers has:

```
deployer ALL=(%deployment) NOPASSWD: ALL
```

```
[example.com] run rsync '-azP' '-e' 'ssh '\''-o'\'' '\''StrictHostKeyChecking=no'\'' '\''-A'\''' '--rsync-path' 'sudo -H -u user rsync' 'tools/cachetool.phar' 'deployer@example.com:~'
[example.com] err rsync: [receiver] mkstemp "/home/deployer/.cachetool.phar.J81Ii0" failed: Permission denied (13)
```

Looks to me as if rsync has already executed sudo and became user but somehow wants to create an upload temp file in deployer home directory.

boesing avatar Sep 18 '23 09:09 boesing

I guess it's trying to create that tmp file in the `deployer` home as it connects with `deployer@example.com:~`. Looks like it has to be an absolute path to the `user` home directory instead, but not sure what would be the best way to actually determine that 🤔

boesing avatar Sep 18 '23 09:09 boesing
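
The `/home/deployer` path in the error is consistent with the SSH login shell expanding `~` with the login user's `HOME` before `sudo -H -u user rsync` starts. The sketch below is an added example, not part of the original issue or of Deployer's code: it reproduces that expansion order locally and derives an absolute destination for the become user from passwd-format data. The function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and passwd entries are constructed.

# A bare "~" is expanded by the SSH login shell, using the login user's
# HOME, before "sudo -H -u user rsync ..." is executed.
# $1 = HOME of the SSH login user
expand_as_login_shell() {
    HOME="$1" sh -c 'printf "%s\n" ~'
}

# Print the home directory (passwd field 6) of user $1.
# $2 = optional passwd-format file; without it getent(1) is queried.
home_of() {
    if [ -n "${2:-}" ]; then
        entry=$(awk -F: -v u="$1" '$1 == u { print; exit }' "$2")
    else
        entry=$(getent passwd "$1") || return 1
    fi
    [ -n "$entry" ] || return 1
    printf '%s\n' "$entry" | cut -d: -f6
}

# Absolute upload destination for the become user, leaving no "~" for
# the login shell to expand. Empty or relative homes are refused.
dest_for() {
    home=$(home_of "$1" "${2:-}") || return 1
    case "$home" in
        /*) printf '%s\n' "$home" ;;
        *)  return 1 ;;
    esac
}

# Constructed passwd entries mirroring the two accounts in the issue.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
deployer:x:1001:1001::/home/deployer:/bin/bash
user:x:1002:1002::/home/user:/bin/bash
EOF

echo "login shell expands ~ to: $(expand_as_login_shell /home/deployer)"
echo "absolute dest for user:   $(dest_for user "$SAMPLE")"
```

The lookup has to run on the server, since that is where the become user's passwd entry lives; called without a file argument, `home_of` queries `getent passwd` there.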